pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-11-19 03:04:48 +00:00
parent 103f1162a6
commit a85477edee
28 changed files with 2457 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
oval/c10f1/ALT-PU-2024-15237/definitions.json Normal file
View File

@ -0,0 +1,109 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415237",
"Version": "oval:org.altlinux.errata:def:202415237",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15237: package `cmake` update to version 3.23.2-alt3",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15237",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15237",
"Source": "ALTPU"
}
],
"Description": "This update upgrades cmake to version 3.23.2-alt3. \nSecurity Fix(es):\n\n * #45833: добавить макрос для ctest",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-13"
},
"Updated": {
"Date": "2024-11-13"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "45833",
"Href": "https://bugzilla.altlinux.org/45833",
"Data": "добавить макрос для ctest"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415237001",
"Comment": "bash-completion-cmake is earlier than 0:3.23.2-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415237002",
"Comment": "ccmake is earlier than 0:3.23.2-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415237003",
"Comment": "cmake is earlier than 0:3.23.2-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415237004",
"Comment": "cmake-doc is earlier than 0:3.23.2-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415237005",
"Comment": "cmake-gui is earlier than 0:3.23.2-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415237006",
"Comment": "cmake-modules is earlier than 0:3.23.2-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415237007",
"Comment": "ctest is earlier than 0:3.23.2-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415237008",
"Comment": "rpm-macros-cmake is earlier than 0:3.23.2-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415237009",
"Comment": "vim-plugin-cmake is earlier than 0:3.23.2-alt3"
}
]
}
]
}
}
]
}

82
oval/c10f1/ALT-PU-2024-15237/objects.json Normal file
View File

@ -0,0 +1,82 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415237001",
"Version": "1",
"Comment": "bash-completion-cmake is installed",
"Name": "bash-completion-cmake"
},
{
"ID": "oval:org.altlinux.errata:obj:202415237002",
"Version": "1",
"Comment": "ccmake is installed",
"Name": "ccmake"
},
{
"ID": "oval:org.altlinux.errata:obj:202415237003",
"Version": "1",
"Comment": "cmake is installed",
"Name": "cmake"
},
{
"ID": "oval:org.altlinux.errata:obj:202415237004",
"Version": "1",
"Comment": "cmake-doc is installed",
"Name": "cmake-doc"
},
{
"ID": "oval:org.altlinux.errata:obj:202415237005",
"Version": "1",
"Comment": "cmake-gui is installed",
"Name": "cmake-gui"
},
{
"ID": "oval:org.altlinux.errata:obj:202415237006",
"Version": "1",
"Comment": "cmake-modules is installed",
"Name": "cmake-modules"
},
{
"ID": "oval:org.altlinux.errata:obj:202415237007",
"Version": "1",
"Comment": "ctest is installed",
"Name": "ctest"
},
{
"ID": "oval:org.altlinux.errata:obj:202415237008",
"Version": "1",
"Comment": "rpm-macros-cmake is installed",
"Name": "rpm-macros-cmake"
},
{
"ID": "oval:org.altlinux.errata:obj:202415237009",
"Version": "1",
"Comment": "vim-plugin-cmake is installed",
"Name": "vim-plugin-cmake"
}
]
}

23
oval/c10f1/ALT-PU-2024-15237/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415237001",
"Version": "1",
"Comment": "package EVR is earlier than 0:3.23.2-alt3",
"Arch": {},
"EVR": {
"Text": "0:3.23.2-alt3",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

126
oval/c10f1/ALT-PU-2024-15237/tests.json Normal file
View File

@ -0,0 +1,126 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415237001",
"Version": "1",
"Check": "all",
"Comment": "bash-completion-cmake is earlier than 0:3.23.2-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415237001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415237001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415237002",
"Version": "1",
"Check": "all",
"Comment": "ccmake is earlier than 0:3.23.2-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415237002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415237001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415237003",
"Version": "1",
"Check": "all",
"Comment": "cmake is earlier than 0:3.23.2-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415237003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415237001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415237004",
"Version": "1",
"Check": "all",
"Comment": "cmake-doc is earlier than 0:3.23.2-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415237004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415237001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415237005",
"Version": "1",
"Check": "all",
"Comment": "cmake-gui is earlier than 0:3.23.2-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415237005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415237001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415237006",
"Version": "1",
"Check": "all",
"Comment": "cmake-modules is earlier than 0:3.23.2-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415237006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415237001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415237007",
"Version": "1",
"Check": "all",
"Comment": "ctest is earlier than 0:3.23.2-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415237007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415237001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415237008",
"Version": "1",
"Check": "all",
"Comment": "rpm-macros-cmake is earlier than 0:3.23.2-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415237008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415237001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415237009",
"Version": "1",
"Check": "all",
"Comment": "vim-plugin-cmake is earlier than 0:3.23.2-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415237009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415237001"
}
}
]
}

263
oval/c10f1/ALT-PU-2024-15239/definitions.json Normal file
View File

@ -0,0 +1,263 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415239",
"Version": "oval:org.altlinux.errata:def:202415239",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15239: package `LibreOffice-still` update to version 24.2.6.2-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15239",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15239",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-04136",
"RefURL": "https://bdu.fstec.ru/vul/2024-04136",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04913",
"RefURL": "https://bdu.fstec.ru/vul/2024-04913",
"Source": "BDU"
},
{
"RefID": "BDU:2024-06443",
"RefURL": "https://bdu.fstec.ru/vul/2024-06443",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07260",
"RefURL": "https://bdu.fstec.ru/vul/2024-07260",
"Source": "BDU"
},
{
"RefID": "CVE-2024-3044",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3044",
"Source": "CVE"
},
{
"RefID": "CVE-2024-5261",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5261",
"Source": "CVE"
},
{
"RefID": "CVE-2024-6472",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6472",
"Source": "CVE"
},
{
"RefID": "CVE-2024-7788",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7788",
"Source": "CVE"
}
],
"Description": "This update upgrades LibreOffice-still to version 24.2.6.2-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-04136: Уязвимость пакета офисных программ LibreOffice, связанная с возможностью внедрения кода или данных, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-04913: Уязвимость компонента LibreOfficeKit пакета офисных программ LibreOffice, позволяющая уязвимости может позволить нарушителю выполнить произвольный код\n\n * BDU:2024-06443: Уязвимость пользовательского интерфейса проверки сертификата пакета офисных программ LibreOffice, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-07260: Уязвимость пакета офисных программ LibreOffice, связанная с некорректной проверкой криптографической подписи, позволяющая нарушителю создать специально сформированный документ, который после восстановления сообщал о действительном статусе электронной подписи\n\n * CVE-2024-3044: Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.\n\n * CVE-2024-5261: Improper Certificate Validation vulnerability in LibreOffice \"LibreOfficeKit\" mode disables TLS certification verification\n\nLibreOfficeKit can be used for accessing LibreOffice functionality \nthrough C/C++. Typically this is used by third party components to reuse\n LibreOffice as a library to convert, view or otherwise interact with \ndocuments.\n\nLibreOffice internally makes use of \"curl\" to fetch remote resources such as images hosted on webservers.\n\nIn\n affected versions of LibreOffice, when used in LibreOfficeKit mode \nonly, then curl's TLS certification verification was disabled \n(CURLOPT_SSL_VERIFYPEER of false)\n\nIn the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.\n\nThis issue affects LibreOffice before version 24.2.4.\n\n * CVE-2024-6472: Certificate Validation user interface in LibreOffice allows potential vulnerability.\n\n\n\n\nSigned macros are scripts that have been digitally signed by the \ndeveloper using a cryptographic signature. When a document with a signed\n macro is opened a warning is displayed by LibreOffice before the macro \nis executed.\n\nPreviously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.\n\n\nThis issue affects LibreOffice: from 24.2 before 24.2.5.\n\n * CVE-2024-7788: Improper Digital Signature Invalidation  vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before \u003c 24.2.5.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-18"
},
"Updated": {
"Date": "2024-11-18"
},
"BDUs": [
{
"ID": "BDU:2024-04136",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2024-04136",
"Impact": "High",
"Public": "20240514"
},
{
"ID": "BDU:2024-04913",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2024-04913",
"Impact": "Critical",
"Public": "20240625"
},
{
"ID": "BDU:2024-06443",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2024-06443",
"Impact": "High",
"Public": "20240805"
},
{
"ID": "BDU:2024-07260",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-347",
"Href": "https://bdu.fstec.ru/vul/2024-07260",
"Impact": "High",
"Public": "20240917"
}
],
"CVEs": [
{
"ID": "CVE-2024-3044",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3044",
"Impact": "None",
"Public": "20240514"
},
{
"ID": "CVE-2024-5261",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5261",
"Impact": "None",
"Public": "20240625"
},
{
"ID": "CVE-2024-6472",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6472",
"Impact": "None",
"Public": "20240805"
},
{
"ID": "CVE-2024-7788",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-347",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7788",
"Impact": "High",
"Public": "20240917"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415239001",
"Comment": "LibreOffice-still is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239002",
"Comment": "LibreOffice-still-common is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239003",
"Comment": "LibreOffice-still-extensions is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239004",
"Comment": "LibreOffice-still-gtk3 is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239005",
"Comment": "LibreOffice-still-integrated is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239006",
"Comment": "LibreOffice-still-kde5 is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239007",
"Comment": "LibreOffice-still-langpack-be is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239008",
"Comment": "LibreOffice-still-langpack-de is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239009",
"Comment": "LibreOffice-still-langpack-el is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239010",
"Comment": "LibreOffice-still-langpack-es is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239011",
"Comment": "LibreOffice-still-langpack-fr is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239012",
"Comment": "LibreOffice-still-langpack-kk is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239013",
"Comment": "LibreOffice-still-langpack-ky is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239014",
"Comment": "LibreOffice-still-langpack-pt-BR is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239015",
"Comment": "LibreOffice-still-langpack-ru is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239016",
"Comment": "LibreOffice-still-langpack-tt is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239017",
"Comment": "LibreOffice-still-langpack-uk is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239018",
"Comment": "LibreOffice-still-langpack-uz is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239019",
"Comment": "LibreOffice-still-mimetypes is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239020",
"Comment": "LibreOffice-still-qt5 is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239021",
"Comment": "LibreOffice-still-sdk is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239022",
"Comment": "libreofficekit-still is earlier than 0:24.2.6.2-alt0.p10.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415239023",
"Comment": "libreofficekit-still-devel is earlier than 0:24.2.6.2-alt0.p10.1"
}
]
}
]
}
}
]
}

166
oval/c10f1/ALT-PU-2024-15239/objects.json Normal file
View File

@ -0,0 +1,166 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415239001",
"Version": "1",
"Comment": "LibreOffice-still is installed",
"Name": "LibreOffice-still"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239002",
"Version": "1",
"Comment": "LibreOffice-still-common is installed",
"Name": "LibreOffice-still-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239003",
"Version": "1",
"Comment": "LibreOffice-still-extensions is installed",
"Name": "LibreOffice-still-extensions"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239004",
"Version": "1",
"Comment": "LibreOffice-still-gtk3 is installed",
"Name": "LibreOffice-still-gtk3"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239005",
"Version": "1",
"Comment": "LibreOffice-still-integrated is installed",
"Name": "LibreOffice-still-integrated"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239006",
"Version": "1",
"Comment": "LibreOffice-still-kde5 is installed",
"Name": "LibreOffice-still-kde5"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239007",
"Version": "1",
"Comment": "LibreOffice-still-langpack-be is installed",
"Name": "LibreOffice-still-langpack-be"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239008",
"Version": "1",
"Comment": "LibreOffice-still-langpack-de is installed",
"Name": "LibreOffice-still-langpack-de"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239009",
"Version": "1",
"Comment": "LibreOffice-still-langpack-el is installed",
"Name": "LibreOffice-still-langpack-el"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239010",
"Version": "1",
"Comment": "LibreOffice-still-langpack-es is installed",
"Name": "LibreOffice-still-langpack-es"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239011",
"Version": "1",
"Comment": "LibreOffice-still-langpack-fr is installed",
"Name": "LibreOffice-still-langpack-fr"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239012",
"Version": "1",
"Comment": "LibreOffice-still-langpack-kk is installed",
"Name": "LibreOffice-still-langpack-kk"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239013",
"Version": "1",
"Comment": "LibreOffice-still-langpack-ky is installed",
"Name": "LibreOffice-still-langpack-ky"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239014",
"Version": "1",
"Comment": "LibreOffice-still-langpack-pt-BR is installed",
"Name": "LibreOffice-still-langpack-pt-BR"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239015",
"Version": "1",
"Comment": "LibreOffice-still-langpack-ru is installed",
"Name": "LibreOffice-still-langpack-ru"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239016",
"Version": "1",
"Comment": "LibreOffice-still-langpack-tt is installed",
"Name": "LibreOffice-still-langpack-tt"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239017",
"Version": "1",
"Comment": "LibreOffice-still-langpack-uk is installed",
"Name": "LibreOffice-still-langpack-uk"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239018",
"Version": "1",
"Comment": "LibreOffice-still-langpack-uz is installed",
"Name": "LibreOffice-still-langpack-uz"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239019",
"Version": "1",
"Comment": "LibreOffice-still-mimetypes is installed",
"Name": "LibreOffice-still-mimetypes"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239020",
"Version": "1",
"Comment": "LibreOffice-still-qt5 is installed",
"Name": "LibreOffice-still-qt5"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239021",
"Version": "1",
"Comment": "LibreOffice-still-sdk is installed",
"Name": "LibreOffice-still-sdk"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239022",
"Version": "1",
"Comment": "libreofficekit-still is installed",
"Name": "libreofficekit-still"
},
{
"ID": "oval:org.altlinux.errata:obj:202415239023",
"Version": "1",
"Comment": "libreofficekit-still-devel is installed",
"Name": "libreofficekit-still-devel"
}
]
}

23
oval/c10f1/ALT-PU-2024-15239/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415239001",
"Version": "1",
"Comment": "package EVR is earlier than 0:24.2.6.2-alt0.p10.1",
"Arch": {},
"EVR": {
"Text": "0:24.2.6.2-alt0.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

294
oval/c10f1/ALT-PU-2024-15239/tests.json Normal file
View File

@ -0,0 +1,294 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415239001",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239002",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-common is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239003",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-extensions is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239004",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-gtk3 is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239005",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-integrated is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239006",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-kde5 is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239007",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-langpack-be is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239008",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-langpack-de is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239009",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-langpack-el is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239010",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-langpack-es is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239011",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-langpack-fr is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239012",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-langpack-kk is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239013",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-langpack-ky is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239014",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-langpack-pt-BR is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239014"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239015",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-langpack-ru is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239015"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239016",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-langpack-tt is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239016"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239017",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-langpack-uk is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239017"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239018",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-langpack-uz is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239018"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239019",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-mimetypes is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239019"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239020",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-qt5 is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239020"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239021",
"Version": "1",
"Check": "all",
"Comment": "LibreOffice-still-sdk is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239021"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239022",
"Version": "1",
"Check": "all",
"Comment": "libreofficekit-still is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239022"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415239023",
"Version": "1",
"Check": "all",
"Comment": "libreofficekit-still-devel is earlier than 0:24.2.6.2-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415239023"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415239001"
}
}
]
}

107
oval/c9f2/ALT-PU-2024-15580/definitions.json Normal file
View File

@ -0,0 +1,107 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415580",
"Version": "oval:org.altlinux.errata:def:202415580",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15580: package `python3-module-pycryptodomex` update to version 3.20.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15580",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15580",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-00329",
"RefURL": "https://bdu.fstec.ru/vul/2024-00329",
"Source": "BDU"
},
{
"RefID": "CVE-2023-52323",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-52323",
"Source": "CVE"
}
],
"Description": "This update upgrades python3-module-pycryptodomex to version 3.20.0-alt1. \nSecurity Fix(es):\n\n * BDU:2024-00329: Уязвимость библиотек для генерации биткоин-адресов и приватных ключей PyCryptodome и PyCryptodomeX, связанная с раскрытием информации через несоответствие, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * CVE-2023-52323: PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.\n\n * #49419: \u003e= 3.19.1",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-18"
},
"Updated": {
"Date": "2024-11-18"
},
"BDUs": [
{
"ID": "BDU:2024-00329",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-203",
"Href": "https://bdu.fstec.ru/vul/2024-00329",
"Impact": "Low",
"Public": "20240104"
}
],
"CVEs": [
{
"ID": "CVE-2023-52323",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-203",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-52323",
"Impact": "Low",
"Public": "20240105"
}
],
"Bugzilla": [
{
"ID": "49419",
"Href": "https://bugzilla.altlinux.org/49419",
"Data": "\u003e= 3.19.1"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415580001",
"Comment": "python3-module-pycryptodomex is earlier than 0:3.20.0-alt1"
}
]
}
]
}
}
]
}

34
oval/c9f2/ALT-PU-2024-15580/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415580001",
"Version": "1",
"Comment": "python3-module-pycryptodomex is installed",
"Name": "python3-module-pycryptodomex"
}
]
}

23
oval/c9f2/ALT-PU-2024-15580/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415580001",
"Version": "1",
"Comment": "package EVR is earlier than 0:3.20.0-alt1",
"Arch": {},
"EVR": {
"Text": "0:3.20.0-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c9f2/ALT-PU-2024-15580/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415580001",
"Version": "1",
"Check": "all",
"Comment": "python3-module-pycryptodomex is earlier than 0:3.20.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415580001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415580001"
}
}
]
}

109
oval/p10/ALT-PU-2024-15503/definitions.json Normal file
View File

@ -0,0 +1,109 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415503",
"Version": "oval:org.altlinux.errata:def:202415503",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15503: package `stellarium` update to version 24.3-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15503",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15503",
"Source": "ALTPU"
},
{
"RefID": "CVE-2023-28371",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-28371",
"Source": "CVE"
}
],
"Description": "This update upgrades stellarium to version 24.3-alt0.p10.1. \nSecurity Fix(es):\n\n * CVE-2023-28371: In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-18"
},
"Updated": {
"Date": "2024-11-18"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2023-28371",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-22",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-28371",
"Impact": "Critical",
"Public": "20230315"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415503001",
"Comment": "stellarium is earlier than 0:24.3-alt0.p10.1"
}
]
}
]
}
}
]
}

34
oval/p10/ALT-PU-2024-15503/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415503001",
"Version": "1",
"Comment": "stellarium is installed",
"Name": "stellarium"
}
]
}

23
oval/p10/ALT-PU-2024-15503/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415503001",
"Version": "1",
"Comment": "package EVR is earlier than 0:24.3-alt0.p10.1",
"Arch": {},
"EVR": {
"Text": "0:24.3-alt0.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p10/ALT-PU-2024-15503/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415503001",
"Version": "1",
"Check": "all",
"Comment": "stellarium is earlier than 0:24.3-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415503001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415503001"
}
}
]
}

109
oval/p10/ALT-PU-2024-15584/definitions.json Normal file
View File

@ -0,0 +1,109 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415584",
"Version": "oval:org.altlinux.errata:def:202415584",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15584: package `nextcloud` update to version 30.0.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15584",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15584",
"Source": "ALTPU"
}
],
"Description": "This update upgrades nextcloud to version 30.0.2-alt1. \nSecurity Fix(es):\n\n * #52028: Nextcloud большое количество процессов httpd",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-18"
},
"Updated": {
"Date": "2024-11-18"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "52028",
"Href": "https://bugzilla.altlinux.org/52028",
"Data": "Nextcloud большое количество процессов httpd"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415584001",
"Comment": "nextcloud is earlier than 0:30.0.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415584002",
"Comment": "nextcloud-apache2 is earlier than 0:30.0.2-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415584003",
"Comment": "nextcloud-nginx is earlier than 0:30.0.2-alt1"
}
]
}
]
}
}
]
}

46
oval/p10/ALT-PU-2024-15584/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415584001",
"Version": "1",
"Comment": "nextcloud is installed",
"Name": "nextcloud"
},
{
"ID": "oval:org.altlinux.errata:obj:202415584002",
"Version": "1",
"Comment": "nextcloud-apache2 is installed",
"Name": "nextcloud-apache2"
},
{
"ID": "oval:org.altlinux.errata:obj:202415584003",
"Version": "1",
"Comment": "nextcloud-nginx is installed",
"Name": "nextcloud-nginx"
}
]
}

23
oval/p10/ALT-PU-2024-15584/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415584001",
"Version": "1",
"Comment": "package EVR is earlier than 0:30.0.2-alt1",
"Arch": {},
"EVR": {
"Text": "0:30.0.2-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/p10/ALT-PU-2024-15584/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415584001",
"Version": "1",
"Check": "all",
"Comment": "nextcloud is earlier than 0:30.0.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415584001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415584001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415584002",
"Version": "1",
"Check": "all",
"Comment": "nextcloud-apache2 is earlier than 0:30.0.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415584002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415584001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415584003",
"Version": "1",
"Check": "all",
"Comment": "nextcloud-nginx is earlier than 0:30.0.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415584003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415584001"
}
}
]
}

175
oval/p10/ALT-PU-2024-15679/definitions.json Normal file
View File

@ -0,0 +1,175 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415679",
"Version": "oval:org.altlinux.errata:def:202415679",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15679: package `clamav` update to version 0.103.12-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15679",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15679",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-06743",
"RefURL": "https://bdu.fstec.ru/vul/2024-06743",
"Source": "BDU"
},
{
"RefID": "BDU:2024-07098",
"RefURL": "https://bdu.fstec.ru/vul/2024-07098",
"Source": "BDU"
},
{
"RefID": "CVE-2024-20505",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20505",
"Source": "CVE"
},
{
"RefID": "CVE-2024-20506",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-20506",
"Source": "CVE"
}
],
"Description": "This update upgrades clamav to version 0.103.12-alt1. \nSecurity Fix(es):\n\n * BDU:2024-06743: Уязвимость компонента анализа pdf-файлов пакета антивирусных программ ClamAV, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-07098: Уязвимость службы ClamD пакета антивирусных программ ClamAV, позволяющая нарушителю нарушить целостность системных файлов или вызвать отказ в обслуживании\n\n * CVE-2024-20505: A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\n\nThe vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.\n\n * CVE-2024-20506: A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.\n\nThe vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-18"
},
"Updated": {
"Date": "2024-11-18"
},
"BDUs": [
{
"ID": "BDU:2024-06743",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-06743",
"Impact": "High",
"Public": "20240904"
},
{
"ID": "BDU:2024-07098",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:P/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"CWE": "CWE-754",
"Href": "https://bdu.fstec.ru/vul/2024-07098",
"Impact": "Low",
"Public": "20240904"
}
],
"CVEs": [
{
"ID": "CVE-2024-20505",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20505",
"Impact": "High",
"Public": "20240904"
},
{
"ID": "CVE-2024-20506",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"CWE": "CWE-754",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-20506",
"Impact": "Low",
"Public": "20240904"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415679001",
"Comment": "clamav is earlier than 0:0.103.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415679002",
"Comment": "clamav-clamonacc is earlier than 0:0.103.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415679003",
"Comment": "clamav-freshclam is earlier than 0:0.103.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415679004",
"Comment": "clamav-manual is earlier than 0:0.103.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415679005",
"Comment": "clamav-milter is earlier than 0:0.103.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415679006",
"Comment": "libclamav-devel is earlier than 0:0.103.12-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415679007",
"Comment": "libclamav9 is earlier than 0:0.103.12-alt1"
}
]
}
]
}
}
]
}

70
oval/p10/ALT-PU-2024-15679/objects.json Normal file
View File

@ -0,0 +1,70 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415679001",
"Version": "1",
"Comment": "clamav is installed",
"Name": "clamav"
},
{
"ID": "oval:org.altlinux.errata:obj:202415679002",
"Version": "1",
"Comment": "clamav-clamonacc is installed",
"Name": "clamav-clamonacc"
},
{
"ID": "oval:org.altlinux.errata:obj:202415679003",
"Version": "1",
"Comment": "clamav-freshclam is installed",
"Name": "clamav-freshclam"
},
{
"ID": "oval:org.altlinux.errata:obj:202415679004",
"Version": "1",
"Comment": "clamav-manual is installed",
"Name": "clamav-manual"
},
{
"ID": "oval:org.altlinux.errata:obj:202415679005",
"Version": "1",
"Comment": "clamav-milter is installed",
"Name": "clamav-milter"
},
{
"ID": "oval:org.altlinux.errata:obj:202415679006",
"Version": "1",
"Comment": "libclamav-devel is installed",
"Name": "libclamav-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202415679007",
"Version": "1",
"Comment": "libclamav9 is installed",
"Name": "libclamav9"
}
]
}

23
oval/p10/ALT-PU-2024-15679/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415679001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.103.12-alt1",
"Arch": {},
"EVR": {
"Text": "0:0.103.12-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

102
oval/p10/ALT-PU-2024-15679/tests.json Normal file
View File

@ -0,0 +1,102 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415679001",
"Version": "1",
"Check": "all",
"Comment": "clamav is earlier than 0:0.103.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415679001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415679001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415679002",
"Version": "1",
"Check": "all",
"Comment": "clamav-clamonacc is earlier than 0:0.103.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415679002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415679001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415679003",
"Version": "1",
"Check": "all",
"Comment": "clamav-freshclam is earlier than 0:0.103.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415679003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415679001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415679004",
"Version": "1",
"Check": "all",
"Comment": "clamav-manual is earlier than 0:0.103.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415679004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415679001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415679005",
"Version": "1",
"Check": "all",
"Comment": "clamav-milter is earlier than 0:0.103.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415679005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415679001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415679006",
"Version": "1",
"Check": "all",
"Comment": "libclamav-devel is earlier than 0:0.103.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415679006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415679001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415679007",
"Version": "1",
"Check": "all",
"Comment": "libclamav9 is earlier than 0:0.103.12-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415679007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415679001"
}
}
]
}

166
oval/p10/ALT-PU-2024-15710/definitions.json Normal file
View File

@ -0,0 +1,166 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202415710",
"Version": "oval:org.altlinux.errata:def:202415710",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-15710: package `sendmail` update to version 8.18.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-15710",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-15710",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-02339",
"RefURL": "https://bdu.fstec.ru/vul/2024-02339",
"Source": "BDU"
},
{
"RefID": "CVE-2021-3618",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-3618",
"Source": "CVE"
},
{
"RefID": "CVE-2023-51765",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-51765",
"Source": "CVE"
}
],
"Description": "This update upgrades sendmail to version 8.18.1-alt1. \nSecurity Fix(es):\n\n * BDU:2024-02339: Уязвимость программного обеспечения SendMail SMTP Server , связанная с недостаточной проверкой подлинности данных, позволяющая нарушителю обойти механизм защиты и внедрить сообщения электронной почты с поддельным адресом MAIL FROM\n\n * CVE-2021-3618: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.\n\n * CVE-2023-51765: sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports \u003cLF\u003e.\u003cCR\u003e\u003cLF\u003e but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-18"
},
"Updated": {
"Date": "2024-11-18"
},
"BDUs": [
{
"ID": "BDU:2024-02339",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-345",
"Href": "https://bdu.fstec.ru/vul/2024-02339",
"Impact": "Low",
"Public": "20231224"
}
],
"CVEs": [
{
"ID": "CVE-2021-3618",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3618",
"Impact": "High",
"Public": "20220323"
},
{
"ID": "CVE-2023-51765",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-345",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-51765",
"Impact": "Low",
"Public": "20231224"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202415710001",
"Comment": "libmilter is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415710002",
"Comment": "makemap is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415710003",
"Comment": "sendmail is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415710004",
"Comment": "sendmail-cf is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415710005",
"Comment": "sendmail-devel is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415710006",
"Comment": "sendmail-doc is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415710007",
"Comment": "sendmail-submit is earlier than 0:8.18.1-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202415710008",
"Comment": "vacation is earlier than 0:8.18.1-alt1"
}
]
}
]
}
}
]
}

76
oval/p10/ALT-PU-2024-15710/objects.json Normal file
View File

@ -0,0 +1,76 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202415710001",
"Version": "1",
"Comment": "libmilter is installed",
"Name": "libmilter"
},
{
"ID": "oval:org.altlinux.errata:obj:202415710002",
"Version": "1",
"Comment": "makemap is installed",
"Name": "makemap"
},
{
"ID": "oval:org.altlinux.errata:obj:202415710003",
"Version": "1",
"Comment": "sendmail is installed",
"Name": "sendmail"
},
{
"ID": "oval:org.altlinux.errata:obj:202415710004",
"Version": "1",
"Comment": "sendmail-cf is installed",
"Name": "sendmail-cf"
},
{
"ID": "oval:org.altlinux.errata:obj:202415710005",
"Version": "1",
"Comment": "sendmail-devel is installed",
"Name": "sendmail-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202415710006",
"Version": "1",
"Comment": "sendmail-doc is installed",
"Name": "sendmail-doc"
},
{
"ID": "oval:org.altlinux.errata:obj:202415710007",
"Version": "1",
"Comment": "sendmail-submit is installed",
"Name": "sendmail-submit"
},
{
"ID": "oval:org.altlinux.errata:obj:202415710008",
"Version": "1",
"Comment": "vacation is installed",
"Name": "vacation"
}
]
}

23
oval/p10/ALT-PU-2024-15710/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202415710001",
"Version": "1",
"Comment": "package EVR is earlier than 0:8.18.1-alt1",
"Arch": {},
"EVR": {
"Text": "0:8.18.1-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

114
oval/p10/ALT-PU-2024-15710/tests.json Normal file
View File

@ -0,0 +1,114 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202415710001",
"Version": "1",
"Check": "all",
"Comment": "libmilter is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415710001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415710001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415710002",
"Version": "1",
"Check": "all",
"Comment": "makemap is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415710002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415710001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415710003",
"Version": "1",
"Check": "all",
"Comment": "sendmail is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415710003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415710001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415710004",
"Version": "1",
"Check": "all",
"Comment": "sendmail-cf is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415710004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415710001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415710005",
"Version": "1",
"Check": "all",
"Comment": "sendmail-devel is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415710005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415710001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415710006",
"Version": "1",
"Check": "all",
"Comment": "sendmail-doc is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415710006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415710001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415710007",
"Version": "1",
"Check": "all",
"Comment": "sendmail-submit is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415710007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415710001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202415710008",
"Version": "1",
"Check": "all",
"Comment": "vacation is earlier than 0:8.18.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202415710008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202415710001"
}
}
]
}