From af6c989983ab6b5382229df846a8b2de07a2e8da Mon Sep 17 00:00:00 2001 From: pepelyaevip Date: Tue, 19 Mar 2024 15:02:37 +0000 Subject: [PATCH] ALT Vulnerability --- oval/p10/ALT-PU-2024-3721/definitions.json | 109 +++++++++++++++++++++ oval/p10/ALT-PU-2024-3721/objects.json | 46 +++++++++ oval/p10/ALT-PU-2024-3721/states.json | 23 +++++ oval/p10/ALT-PU-2024-3721/tests.json | 54 ++++++++++ 4 files changed, 232 insertions(+) create mode 100644 oval/p10/ALT-PU-2024-3721/definitions.json create mode 100644 oval/p10/ALT-PU-2024-3721/objects.json create mode 100644 oval/p10/ALT-PU-2024-3721/states.json create mode 100644 oval/p10/ALT-PU-2024-3721/tests.json diff --git a/oval/p10/ALT-PU-2024-3721/definitions.json b/oval/p10/ALT-PU-2024-3721/definitions.json new file mode 100644 index 0000000000..c2564d273b --- /dev/null +++ b/oval/p10/ALT-PU-2024-3721/definitions.json @@ -0,0 +1,109 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:20243721", + "Version": "oval:org.altlinux.errata:def:20243721", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-3721: package `p7zip` update to version 17.05-alt2", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-3721", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-3721", + "Source": "ALTPU" + } + ], + "Description": "This update upgrades p7zip to version 17.05-alt2. \nSecurity Fix(es):\n\n * #45641: При распаковке zip архива сообщает об уже существующем файле", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-03-19" + }, + "Updated": { + "Date": "2024-03-19" + }, + "bdu": null, + "Bugzilla": [ + { + "Id": "45641", + "Href": "https://bugzilla.altlinux.org/45641", + "Data": "При распаковке zip архива сообщает об уже существующем файле" + } + ], + "AffectedCpeList": { + "Cpe": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:20243721001", + "Comment": "p7zip is earlier than 0:17.05-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243721002", + "Comment": "p7zip-devel is earlier than 0:17.05-alt2" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:20243721003", + "Comment": "p7zip-standalone is earlier than 0:17.05-alt2" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-3721/objects.json b/oval/p10/ALT-PU-2024-3721/objects.json new file mode 100644 index 0000000000..8d48b88e95 --- /dev/null +++ b/oval/p10/ALT-PU-2024-3721/objects.json @@ -0,0 +1,46 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "comment": "Evaluate `/etc/os-release` file content", + "Path": { + "dataType": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RpmInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:20243721001", + "Version": "1", + "comment": "p7zip is installed", + "Name": "p7zip" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243721002", + "Version": "1", + "comment": "p7zip-devel is installed", + "Name": "p7zip-devel" + }, + { + "ID": "oval:org.altlinux.errata:obj:20243721003", + "Version": "1", + "comment": "p7zip-standalone is installed", + "Name": "p7zip-standalone" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-3721/states.json b/oval/p10/ALT-PU-2024-3721/states.json new file mode 100644 index 0000000000..a77639f0e8 --- /dev/null +++ b/oval/p10/ALT-PU-2024-3721/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RpmInfoState": [ + { + "ID": "oval:org.altlinux.errata:ste:20243721001", + "Version": "1", + "Comment": "package EVR is earlier than 0:17.05-alt2", + "Arch": {}, + "Evr": { + "Text": "0:17.05-alt2", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-3721/tests.json b/oval/p10/ALT-PU-2024-3721/tests.json new file mode 100644 index 0000000000..dce2942be3 --- /dev/null +++ b/oval/p10/ALT-PU-2024-3721/tests.json @@ -0,0 +1,54 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:20243721001", + "Version": "1", + "Check": "all", + "Comment": "p7zip is earlier than 0:17.05-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243721001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243721001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20243721002", + "Version": "1", + "Check": "all", + "Comment": "p7zip-devel is earlier than 0:17.05-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243721002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243721001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:20243721003", + "Version": "1", + "Check": "all", + "Comment": "p7zip-standalone is earlier than 0:17.05-alt2", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:20243721003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:20243721001" + } + } + ] +} \ No newline at end of file