pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2025-01-11 03:05:27 +00:00
parent f7996528f0
commit b6c1e507ca
25 changed files with 1174 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oval/c10f1/ALT-PU-2020-3130/definitions.json
View File

@ -80,7 +80,7 @@
"Source": "CVE"
}
],
"Description": "This update upgrades glpi to version 9.5.2-alt2. \nSecurity Fix(es):\n\n * BDU:2020-04793: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04794: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04845: Уязвимость функции «Clone» системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, позволяющая нарушителю выполнить произвольные SQL команды\n\n * CVE-2020-11031: In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.\n\n * CVE-2020-15108: In glpi before 9.5.1, there is a SQL injection for all usages of \"Clone\" feature. This has been fixed in 9.5.1.\n\n * CVE-2020-15175: In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.\n\n * CVE-2020-15176: In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2\n\n * CVE-2020-15177: In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it's possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.\n\n * CVE-2020-15217: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.\n\n * CVE-2020-15226: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.\n\n * CVE-2021-44617: A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.",
"Description": "This update upgrades glpi to version 9.5.2-alt2. \nSecurity Fix(es):\n\n * BDU:2020-04793: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04794: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04845: Уязвимость функции Clone системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, позволяющая нарушителю выполнить произвольные SQL команды\n\n * CVE-2020-11031: In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.\n\n * CVE-2020-15108: In glpi before 9.5.1, there is a SQL injection for all usages of \"Clone\" feature. This has been fixed in 9.5.1.\n\n * CVE-2020-15175: In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.\n\n * CVE-2020-15176: In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2\n\n * CVE-2020-15177: In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it's possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.\n\n * CVE-2020-15217: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.\n\n * CVE-2020-15226: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.\n\n * CVE-2021-44617: A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",

175
oval/c10f1/ALT-PU-2025-1041/definitions.json Normal file
View File

@ -0,0 +1,175 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20251041",
"Version": "oval:org.altlinux.errata:def:20251041",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2025-1041: package `mosquitto` update to version 2.0.20-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2025-1041",
"RefURL": "https://errata.altlinux.org/ALT-PU-2025-1041",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-05834",
"RefURL": "https://bdu.fstec.ru/vul/2023-05834",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04210",
"RefURL": "https://bdu.fstec.ru/vul/2024-04210",
"Source": "BDU"
},
{
"RefID": "BDU:2024-04213",
"RefURL": "https://bdu.fstec.ru/vul/2024-04213",
"Source": "BDU"
},
{
"RefID": "CVE-2023-0809",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-0809",
"Source": "CVE"
},
{
"RefID": "CVE-2023-28366",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-28366",
"Source": "CVE"
},
{
"RefID": "CVE-2023-3592",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-3592",
"Source": "CVE"
},
{
"RefID": "CVE-2024-8376",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-8376",
"Source": "CVE"
}
],
"Description": "This update upgrades mosquitto to version 2.0.20-alt1. \nSecurity Fix(es):\n\n * BDU:2023-05834: Уязвимость брокера сообщений Eclipse Mosquitto, связанная с ошибкой освобождения памяти, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04210: Уязвимость компонента CONNECT брокера сообщений Eclipse Mosquitto, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-04213: Уязвимость компонента CONNECT v5 брокера сообщений Eclipse Mosquitto, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-0809: In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.\n\n * CVE-2023-28366: The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.\n\n * CVE-2023-3592: In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.\n\n\n * CVE-2024-8376: In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2025-01-10"
},
"Updated": {
"Date": "2025-01-10"
},
"BDUs": [
{
"ID": "BDU:2023-05834",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://bdu.fstec.ru/vul/2023-05834",
"Impact": "High",
"Public": "20230816"
},
{
"ID": "BDU:2024-04210",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"CWE": "CWE-770",
"Href": "https://bdu.fstec.ru/vul/2024-04210",
"Impact": "Low",
"Public": "20231002"
},
{
"ID": "BDU:2024-04213",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://bdu.fstec.ru/vul/2024-04213",
"Impact": "High",
"Public": "20231002"
}
],
"CVEs": [
{
"ID": "CVE-2023-0809",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-0809",
"Impact": "Low",
"Public": "20231002"
},
{
"ID": "CVE-2023-28366",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-28366",
"Impact": "High",
"Public": "20230901"
},
{
"ID": "CVE-2023-3592",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-3592",
"Impact": "High",
"Public": "20231002"
},
{
"ID": "CVE-2024-8376",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-8376",
"Impact": "High",
"Public": "20241011"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20251041001",
"Comment": "libmosquitto is earlier than 0:2.0.20-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20251041002",
"Comment": "libmosquitto-devel is earlier than 0:2.0.20-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20251041003",
"Comment": "mosquitto is earlier than 0:2.0.20-alt1"
}
]
}
]
}
}
]
}

46
oval/c10f1/ALT-PU-2025-1041/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20251041001",
"Version": "1",
"Comment": "libmosquitto is installed",
"Name": "libmosquitto"
},
{
"ID": "oval:org.altlinux.errata:obj:20251041002",
"Version": "1",
"Comment": "libmosquitto-devel is installed",
"Name": "libmosquitto-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20251041003",
"Version": "1",
"Comment": "mosquitto is installed",
"Name": "mosquitto"
}
]
}

23
oval/c10f1/ALT-PU-2025-1041/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20251041001",
"Version": "1",
"Comment": "package EVR is earlier than 0:2.0.20-alt1",
"Arch": {},
"EVR": {
"Text": "0:2.0.20-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/c10f1/ALT-PU-2025-1041/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20251041001",
"Version": "1",
"Check": "all",
"Comment": "libmosquitto is earlier than 0:2.0.20-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20251041001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20251041001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20251041002",
"Version": "1",
"Check": "all",
"Comment": "libmosquitto-devel is earlier than 0:2.0.20-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20251041002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20251041001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20251041003",
"Version": "1",
"Check": "all",
"Comment": "mosquitto is earlier than 0:2.0.20-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20251041003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20251041001"
}
}
]
}

111
oval/c10f1/ALT-PU-2025-1086/definitions.json Normal file
View File

@ -0,0 +1,111 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20251086",
"Version": "oval:org.altlinux.errata:def:20251086",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2025-1086: package `fdkaac` update to version 1.0.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2025-1086",
"RefURL": "https://errata.altlinux.org/ALT-PU-2025-1086",
"Source": "ALTPU"
},
{
"RefID": "CVE-2022-36148",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-36148",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34823",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34823",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34824",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34824",
"Source": "CVE"
}
],
"Description": "This update upgrades fdkaac to version 1.0.5-alt1. \nSecurity Fix(es):\n\n * CVE-2022-36148: fdkaac commit 53fe239 was discovered to contain a floating point exception (FPE) via wav_open at /src/wav_reader.c.\n\n * CVE-2023-34823: fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c.\n\n * CVE-2023-34824: fdkaac before 1.0.5 was discovered to contain a heap buffer overflow in caf_info function in caf_reader.c.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2025-01-10"
},
"Updated": {
"Date": "2025-01-10"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2022-36148",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-697",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-36148",
"Impact": "Low",
"Public": "20220816"
},
{
"ID": "CVE-2023-34823",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34823",
"Impact": "Low",
"Public": "20230614"
},
{
"ID": "CVE-2023-34824",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34824",
"Impact": "Low",
"Public": "20230614"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20251086001",
"Comment": "fdkaac is earlier than 0:1.0.5-alt1"
}
]
}
]
}
}
]
}

34
oval/c10f1/ALT-PU-2025-1086/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20251086001",
"Version": "1",
"Comment": "fdkaac is installed",
"Name": "fdkaac"
}
]
}

23
oval/c10f1/ALT-PU-2025-1086/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20251086001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.0.5-alt1",
"Arch": {},
"EVR": {
"Text": "0:1.0.5-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c10f1/ALT-PU-2025-1086/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20251086001",
"Version": "1",
"Check": "all",
"Comment": "fdkaac is earlier than 0:1.0.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20251086001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20251086001"
}
}
]
}

2
oval/c9f2/ALT-PU-2024-8094/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/p10/ALT-PU-2020-3130/definitions.json
View File

@ -86,7 +86,7 @@
"Source": "CVE"
}
],
"Description": "This update upgrades glpi to version 9.5.2-alt2. \nSecurity Fix(es):\n\n * BDU:2020-04793: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04794: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04845: Уязвимость функции «Clone» системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, позволяющая нарушителю выполнить произвольные SQL команды\n\n * CVE-2020-11031: In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.\n\n * CVE-2020-15108: In glpi before 9.5.1, there is a SQL injection for all usages of \"Clone\" feature. This has been fixed in 9.5.1.\n\n * CVE-2020-15175: In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.\n\n * CVE-2020-15176: In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2\n\n * CVE-2020-15177: In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it's possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.\n\n * CVE-2020-15217: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.\n\n * CVE-2020-15226: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.\n\n * CVE-2021-44617: A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.",
"Description": "This update upgrades glpi to version 9.5.2-alt2. \nSecurity Fix(es):\n\n * BDU:2020-04793: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04794: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04845: Уязвимость функции Clone системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, позволяющая нарушителю выполнить произвольные SQL команды\n\n * CVE-2020-11031: In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.\n\n * CVE-2020-15108: In glpi before 9.5.1, there is a SQL injection for all usages of \"Clone\" feature. This has been fixed in 9.5.1.\n\n * CVE-2020-15175: In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.\n\n * CVE-2020-15176: In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2\n\n * CVE-2020-15177: In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it's possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.\n\n * CVE-2020-15217: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.\n\n * CVE-2020-15226: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.\n\n * CVE-2021-44617: A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",

2
oval/p11/ALT-PU-2020-3130/definitions.json
View File

@ -79,7 +79,7 @@
"Source": "CVE"
}
],
"Description": "This update upgrades glpi to version 9.5.2-alt2. \nSecurity Fix(es):\n\n * BDU:2020-04793: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04794: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04845: Уязвимость функции «Clone» системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, позволяющая нарушителю выполнить произвольные SQL команды\n\n * CVE-2020-11031: In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.\n\n * CVE-2020-15108: In glpi before 9.5.1, there is a SQL injection for all usages of \"Clone\" feature. This has been fixed in 9.5.1.\n\n * CVE-2020-15175: In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.\n\n * CVE-2020-15176: In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2\n\n * CVE-2020-15177: In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it's possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.\n\n * CVE-2020-15217: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.\n\n * CVE-2020-15226: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.\n\n * CVE-2021-44617: A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.",
"Description": "This update upgrades glpi to version 9.5.2-alt2. \nSecurity Fix(es):\n\n * BDU:2020-04793: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04794: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04845: Уязвимость функции Clone системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, позволяющая нарушителю выполнить произвольные SQL команды\n\n * CVE-2020-11031: In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.\n\n * CVE-2020-15108: In glpi before 9.5.1, there is a SQL injection for all usages of \"Clone\" feature. This has been fixed in 9.5.1.\n\n * CVE-2020-15175: In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.\n\n * CVE-2020-15176: In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2\n\n * CVE-2020-15177: In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it's possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.\n\n * CVE-2020-15217: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.\n\n * CVE-2020-15226: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.\n\n * CVE-2021-44617: A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",

75
oval/p11/ALT-PU-2024-17846/definitions.json Normal file
View File

@ -0,0 +1,75 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417846",
"Version": "oval:org.altlinux.errata:def:202417846",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17846: package `esbuild` update to version 0.24.2-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17846",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17846",
"Source": "ALTPU"
}
],
"Description": "This update upgrades esbuild to version 0.24.2-alt1. \nSecurity Fix(es):\n\n * #52497: esbuild: too old",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2025-01-10"
},
"Updated": {
"Date": "2025-01-10"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "52497",
"Href": "https://bugzilla.altlinux.org/52497",
"Data": "esbuild: too old"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417846001",
"Comment": "esbuild is earlier than 0:0.24.2-alt1"
}
]
}
]
}
}
]
}

34
oval/p11/ALT-PU-2024-17846/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417846001",
"Version": "1",
"Comment": "esbuild is installed",
"Name": "esbuild"
}
]
}

23
oval/p11/ALT-PU-2024-17846/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417846001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.24.2-alt1",
"Arch": {},
"EVR": {
"Text": "0:0.24.2-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p11/ALT-PU-2024-17846/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p11' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417846001",
"Version": "1",
"Check": "all",
"Comment": "esbuild is earlier than 0:0.24.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417846001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417846001"
}
}
]
}

108
oval/p11/ALT-PU-2024-17848/definitions.json Normal file
View File

@ -0,0 +1,108 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417848",
"Version": "oval:org.altlinux.errata:def:202417848",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17848: package `navidrome` update to version 0.54.3-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17848",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17848",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-08268",
"RefURL": "https://bdu.fstec.ru/vul/2024-08268",
"Source": "BDU"
},
{
"RefID": "CVE-2024-47062",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-47062",
"Source": "CVE"
},
{
"RefID": "CVE-2024-56362",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-56362",
"Source": "CVE"
}
],
"Description": "This update upgrades navidrome to version 0.54.3-alt1. \nSecurity Fix(es):\n\n * BDU:2024-08268: Уязвимость медиасервера Navidrome, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнить произвольный код и раскрыть защищаемую информацию\n\n * CVE-2024-47062: Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n * CVE-2024-56362: Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2025-01-10"
},
"Updated": {
"Date": "2025-01-10"
},
"BDUs": [
{
"ID": "BDU:2024-08268",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-89",
"Href": "https://bdu.fstec.ru/vul/2024-08268",
"Impact": "Critical",
"Public": "20240915"
}
],
"CVEs": [
{
"ID": "CVE-2024-47062",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-47062",
"Impact": "None",
"Public": "20240920"
},
{
"ID": "CVE-2024-56362",
"CWE": "CWE-312",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-56362",
"Impact": "None",
"Public": "20241223"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417848001",
"Comment": "navidrome is earlier than 0:0.54.3-alt1"
}
]
}
]
}
}
]
}

34
oval/p11/ALT-PU-2024-17848/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202417848001",
"Version": "1",
"Comment": "navidrome is installed",
"Name": "navidrome"
}
]
}

23
oval/p11/ALT-PU-2024-17848/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202417848001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.54.3-alt1",
"Arch": {},
"EVR": {
"Text": "0:0.54.3-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p11/ALT-PU-2024-17848/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p11' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202417848001",
"Version": "1",
"Check": "all",
"Comment": "navidrome is earlier than 0:0.54.3-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202417848001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202417848001"
}
}
]
}

103
oval/p11/ALT-PU-2025-1035/definitions.json Normal file
View File

@ -0,0 +1,103 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20251035",
"Version": "oval:org.altlinux.errata:def:20251035",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2025-1035: package `lazarus` update to version 3.6-alt3",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2025-1035",
"RefURL": "https://errata.altlinux.org/ALT-PU-2025-1035",
"Source": "ALTPU"
}
],
"Description": "This update upgrades lazarus to version 3.6-alt3. \nSecurity Fix(es):\n\n * #49932: Добавить подпакет qt6pas",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2025-01-10"
},
"Updated": {
"Date": "2025-01-10"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "49932",
"Href": "https://bugzilla.altlinux.org/49932",
"Data": "Добавить подпакет qt6pas"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20251035001",
"Comment": "lazarus is earlier than 1:3.6-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20251035002",
"Comment": "lazarus-additional is earlier than 1:3.6-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20251035003",
"Comment": "lazarus-gtk is earlier than 1:3.6-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20251035004",
"Comment": "lazarus-qt5 is earlier than 1:3.6-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20251035005",
"Comment": "qt5pas is earlier than 1:3.6-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20251035006",
"Comment": "qt5pas-devel is earlier than 1:3.6-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20251035007",
"Comment": "qt6pas is earlier than 1:3.6-alt3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20251035008",
"Comment": "qt6pas-devel is earlier than 1:3.6-alt3"
}
]
}
]
}
}
]
}

76
oval/p11/ALT-PU-2025-1035/objects.json Normal file
View File

@ -0,0 +1,76 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20251035001",
"Version": "1",
"Comment": "lazarus is installed",
"Name": "lazarus"
},
{
"ID": "oval:org.altlinux.errata:obj:20251035002",
"Version": "1",
"Comment": "lazarus-additional is installed",
"Name": "lazarus-additional"
},
{
"ID": "oval:org.altlinux.errata:obj:20251035003",
"Version": "1",
"Comment": "lazarus-gtk is installed",
"Name": "lazarus-gtk"
},
{
"ID": "oval:org.altlinux.errata:obj:20251035004",
"Version": "1",
"Comment": "lazarus-qt5 is installed",
"Name": "lazarus-qt5"
},
{
"ID": "oval:org.altlinux.errata:obj:20251035005",
"Version": "1",
"Comment": "qt5pas is installed",
"Name": "qt5pas"
},
{
"ID": "oval:org.altlinux.errata:obj:20251035006",
"Version": "1",
"Comment": "qt5pas-devel is installed",
"Name": "qt5pas-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20251035007",
"Version": "1",
"Comment": "qt6pas is installed",
"Name": "qt6pas"
},
{
"ID": "oval:org.altlinux.errata:obj:20251035008",
"Version": "1",
"Comment": "qt6pas-devel is installed",
"Name": "qt6pas-devel"
}
]
}

23
oval/p11/ALT-PU-2025-1035/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20251035001",
"Version": "1",
"Comment": "package EVR is earlier than 1:3.6-alt3",
"Arch": {},
"EVR": {
"Text": "1:3.6-alt3",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

114
oval/p11/ALT-PU-2025-1035/tests.json Normal file
View File

@ -0,0 +1,114 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p11' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20251035001",
"Version": "1",
"Check": "all",
"Comment": "lazarus is earlier than 1:3.6-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20251035001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20251035001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20251035002",
"Version": "1",
"Check": "all",
"Comment": "lazarus-additional is earlier than 1:3.6-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20251035002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20251035001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20251035003",
"Version": "1",
"Check": "all",
"Comment": "lazarus-gtk is earlier than 1:3.6-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20251035003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20251035001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20251035004",
"Version": "1",
"Check": "all",
"Comment": "lazarus-qt5 is earlier than 1:3.6-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20251035004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20251035001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20251035005",
"Version": "1",
"Check": "all",
"Comment": "qt5pas is earlier than 1:3.6-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20251035005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20251035001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20251035006",
"Version": "1",
"Check": "all",
"Comment": "qt5pas-devel is earlier than 1:3.6-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20251035006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20251035001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20251035007",
"Version": "1",
"Check": "all",
"Comment": "qt6pas is earlier than 1:3.6-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20251035007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20251035001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20251035008",
"Version": "1",
"Check": "all",
"Comment": "qt6pas-devel is earlier than 1:3.6-alt3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20251035008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20251035001"
}
}
]
}

2
oval/p9/ALT-PU-2020-3162/definitions.json
View File

@ -85,7 +85,7 @@
"Source": "CVE"
}
],
"Description": "This update upgrades glpi to version 9.5.2-alt2. \nSecurity Fix(es):\n\n * BDU:2020-04793: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04794: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04845: Уязвимость функции «Clone» системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, позволяющая нарушителю выполнить произвольные SQL команды\n\n * CVE-2020-11031: In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.\n\n * CVE-2020-15108: In glpi before 9.5.1, there is a SQL injection for all usages of \"Clone\" feature. This has been fixed in 9.5.1.\n\n * CVE-2020-15175: In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.\n\n * CVE-2020-15176: In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2\n\n * CVE-2020-15177: In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it's possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.\n\n * CVE-2020-15217: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.\n\n * CVE-2020-15226: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.\n\n * CVE-2021-44617: A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.",
"Description": "This update upgrades glpi to version 9.5.2-alt2. \nSecurity Fix(es):\n\n * BDU:2020-04793: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04794: Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с некорректной нейтрализацией специальных элементов, используемых в SQL-командах, позволяющая нарушителю выполнить произвольные SQL-запросы к базе данных в целевой системе\n\n * BDU:2020-04845: Уязвимость функции Clone системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, позволяющая нарушителю выполнить произвольные SQL команды\n\n * CVE-2020-11031: In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.\n\n * CVE-2020-15108: In glpi before 9.5.1, there is a SQL injection for all usages of \"Clone\" feature. This has been fixed in 9.5.1.\n\n * CVE-2020-15175: In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.\n\n * CVE-2020-15176: In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2\n\n * CVE-2020-15177: In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it's possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.\n\n * CVE-2020-15217: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.\n\n * CVE-2020-15226: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.\n\n * CVE-2021-44617: A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",