pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-12-06 03:05:33 +00:00
parent 1738663895
commit b7fb1de7b3
32 changed files with 3217 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
oval/c10f1/ALT-PU-2024-16525/definitions.json Normal file
View File

@ -0,0 +1,122 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416525",
"Version": "oval:org.altlinux.errata:def:202416525",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16525: package `helm` update to version 3.12.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16525",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16525",
"Source": "ALTPU"
},
{
"RefID": "CVE-2022-23524",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23524",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23525",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23525",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23526",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23526",
"Source": "CVE"
},
{
"RefID": "CVE-2023-25165",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-25165",
"Source": "CVE"
}
],
"Description": "This update upgrades helm to version 3.12.0-alt1. \nSecurity Fix(es):\n\n * CVE-2022-23524: Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.\n\n * CVE-2022-23525: Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before passing them to the _repo_ functions.\n\n * CVE-2022-23526: Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions.\n\n * CVE-2023-25165: Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-05"
},
"Updated": {
"Date": "2024-12-05"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2022-23524",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23524",
"Impact": "High",
"Public": "20221215"
},
{
"ID": "CVE-2022-23525",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23525",
"Impact": "High",
"Public": "20221215"
},
{
"ID": "CVE-2022-23526",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23526",
"Impact": "High",
"Public": "20221215"
},
{
"ID": "CVE-2023-25165",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-25165",
"Impact": "Low",
"Public": "20230208"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416525001",
"Comment": "helm is earlier than 0:3.12.0-alt1"
}
]
}
]
}
}
]
}

34
oval/c10f1/ALT-PU-2024-16525/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416525001",
"Version": "1",
"Comment": "helm is installed",
"Name": "helm"
}
]
}

23
oval/c10f1/ALT-PU-2024-16525/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416525001",
"Version": "1",
"Comment": "package EVR is earlier than 0:3.12.0-alt1",
"Arch": {},
"EVR": {
"Text": "0:3.12.0-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c10f1/ALT-PU-2024-16525/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416525001",
"Version": "1",
"Check": "all",
"Comment": "helm is earlier than 0:3.12.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416525001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416525001"
}
}
]
}

192
oval/c10f1/ALT-PU-2024-16562/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

40
oval/c10f1/ALT-PU-2024-16562/objects.json Normal file
View File

@ -0,0 +1,40 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416562001",
"Version": "1",
"Comment": "postgresql-jdbc is installed",
"Name": "postgresql-jdbc"
},
{
"ID": "oval:org.altlinux.errata:obj:202416562002",
"Version": "1",
"Comment": "postgresql-jdbc-javadoc is installed",
"Name": "postgresql-jdbc-javadoc"
}
]
}

23
oval/c10f1/ALT-PU-2024-16562/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416562001",
"Version": "1",
"Comment": "package EVR is earlier than 0:42.6.2-alt1",
"Arch": {},
"EVR": {
"Text": "0:42.6.2-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

42
oval/c10f1/ALT-PU-2024-16562/tests.json Normal file
View File

@ -0,0 +1,42 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416562001",
"Version": "1",
"Check": "all",
"Comment": "postgresql-jdbc is earlier than 0:42.6.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416562001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416562001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416562002",
"Version": "1",
"Check": "all",
"Comment": "postgresql-jdbc-javadoc is earlier than 0:42.6.2-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416562002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416562001"
}
}
]
}

136
oval/c9f2/ALT-PU-2024-16411/definitions.json Normal file
View File

@ -0,0 +1,136 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416411",
"Version": "oval:org.altlinux.errata:def:202416411",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16411: package `python3` update to version 3.7.17-alt5",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16411",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16411",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-08943",
"RefURL": "https://bdu.fstec.ru/vul/2024-08943",
"Source": "BDU"
},
{
"RefID": "CVE-2024-6232",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6232",
"Source": "CVE"
}
],
"Description": "This update upgrades python3 to version 3.7.17-alt5. \nSecurity Fix(es):\n\n * BDU:2024-08943: Уязвимость модуля tarfile интерпретатора языка программирования Python (CPython), позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2024-6232: There is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-05"
},
"Updated": {
"Date": "2024-12-05"
},
"BDUs": [
{
"ID": "BDU:2024-08943",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-1333",
"Href": "https://bdu.fstec.ru/vul/2024-08943",
"Impact": "High",
"Public": "20240903"
}
],
"CVEs": [
{
"ID": "CVE-2024-6232",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-1333",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6232",
"Impact": "High",
"Public": "20240903"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416411001",
"Comment": "libpython3 is earlier than 0:3.7.17-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416411002",
"Comment": "python3 is earlier than 0:3.7.17-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416411003",
"Comment": "python3-base is earlier than 0:3.7.17-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416411004",
"Comment": "python3-dev is earlier than 0:3.7.17-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416411005",
"Comment": "python3-modules-curses is earlier than 0:3.7.17-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416411006",
"Comment": "python3-modules-nis is earlier than 0:3.7.17-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416411007",
"Comment": "python3-modules-sqlite3 is earlier than 0:3.7.17-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416411008",
"Comment": "python3-modules-tkinter is earlier than 0:3.7.17-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416411009",
"Comment": "python3-test is earlier than 0:3.7.17-alt5"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416411010",
"Comment": "python3-tools is earlier than 0:3.7.17-alt5"
}
]
}
]
}
}
]
}

88
oval/c9f2/ALT-PU-2024-16411/objects.json Normal file
View File

@ -0,0 +1,88 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416411001",
"Version": "1",
"Comment": "libpython3 is installed",
"Name": "libpython3"
},
{
"ID": "oval:org.altlinux.errata:obj:202416411002",
"Version": "1",
"Comment": "python3 is installed",
"Name": "python3"
},
{
"ID": "oval:org.altlinux.errata:obj:202416411003",
"Version": "1",
"Comment": "python3-base is installed",
"Name": "python3-base"
},
{
"ID": "oval:org.altlinux.errata:obj:202416411004",
"Version": "1",
"Comment": "python3-dev is installed",
"Name": "python3-dev"
},
{
"ID": "oval:org.altlinux.errata:obj:202416411005",
"Version": "1",
"Comment": "python3-modules-curses is installed",
"Name": "python3-modules-curses"
},
{
"ID": "oval:org.altlinux.errata:obj:202416411006",
"Version": "1",
"Comment": "python3-modules-nis is installed",
"Name": "python3-modules-nis"
},
{
"ID": "oval:org.altlinux.errata:obj:202416411007",
"Version": "1",
"Comment": "python3-modules-sqlite3 is installed",
"Name": "python3-modules-sqlite3"
},
{
"ID": "oval:org.altlinux.errata:obj:202416411008",
"Version": "1",
"Comment": "python3-modules-tkinter is installed",
"Name": "python3-modules-tkinter"
},
{
"ID": "oval:org.altlinux.errata:obj:202416411009",
"Version": "1",
"Comment": "python3-test is installed",
"Name": "python3-test"
},
{
"ID": "oval:org.altlinux.errata:obj:202416411010",
"Version": "1",
"Comment": "python3-tools is installed",
"Name": "python3-tools"
}
]
}

23
oval/c9f2/ALT-PU-2024-16411/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416411001",
"Version": "1",
"Comment": "package EVR is earlier than 0:3.7.17-alt5",
"Arch": {},
"EVR": {
"Text": "0:3.7.17-alt5",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

138
oval/c9f2/ALT-PU-2024-16411/tests.json Normal file
View File

@ -0,0 +1,138 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416411001",
"Version": "1",
"Check": "all",
"Comment": "libpython3 is earlier than 0:3.7.17-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416411001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416411001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416411002",
"Version": "1",
"Check": "all",
"Comment": "python3 is earlier than 0:3.7.17-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416411002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416411001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416411003",
"Version": "1",
"Check": "all",
"Comment": "python3-base is earlier than 0:3.7.17-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416411003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416411001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416411004",
"Version": "1",
"Check": "all",
"Comment": "python3-dev is earlier than 0:3.7.17-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416411004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416411001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416411005",
"Version": "1",
"Check": "all",
"Comment": "python3-modules-curses is earlier than 0:3.7.17-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416411005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416411001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416411006",
"Version": "1",
"Check": "all",
"Comment": "python3-modules-nis is earlier than 0:3.7.17-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416411006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416411001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416411007",
"Version": "1",
"Check": "all",
"Comment": "python3-modules-sqlite3 is earlier than 0:3.7.17-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416411007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416411001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416411008",
"Version": "1",
"Check": "all",
"Comment": "python3-modules-tkinter is earlier than 0:3.7.17-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416411008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416411001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416411009",
"Version": "1",
"Check": "all",
"Comment": "python3-test is earlier than 0:3.7.17-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416411009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416411001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416411010",
"Version": "1",
"Check": "all",
"Comment": "python3-tools is earlier than 0:3.7.17-alt5",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416411010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416411001"
}
}
]
}

151
oval/p9/ALT-PU-2024-12934/definitions.json Normal file
View File

@ -0,0 +1,151 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202412934",
"Version": "oval:org.altlinux.errata:def:202412934",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-12934: package `keepass` update to version 2.54-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-12934",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-12934",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03124",
"RefURL": "https://bdu.fstec.ru/vul/2023-03124",
"Source": "BDU"
},
{
"RefID": "BDU:2023-07674",
"RefURL": "https://bdu.fstec.ru/vul/2023-07674",
"Source": "BDU"
},
{
"RefID": "CVE-2023-24055",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-24055",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32784",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32784",
"Source": "CVE"
}
],
"Description": "This update upgrades keepass to version 2.54-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2023-03124: Уязвимость текстового поля для ввода пароля менеджера паролей KeePass, связанная с хранением учетных данных в незашифрованном виде, позволяющая нарушителю восстановить мастер-пароль в открытом виде\n\n * BDU:2023-07674: Уязвимость менеджера паролей KeePass, связанная с незашифрованным хранением критичной информации, позволяющая нарушителю получить пароли в открытом виде\n\n * CVE-2023-24055: KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.\n\n * CVE-2023-32784: In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-05"
},
"Updated": {
"Date": "2024-12-05"
},
"BDUs": [
{
"ID": "BDU:2023-03124",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03124",
"Impact": "High",
"Public": "20230515"
},
{
"ID": "BDU:2023-07674",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-312",
"Href": "https://bdu.fstec.ru/vul/2023-07674",
"Impact": "Low",
"Public": "20221209"
}
],
"CVEs": [
{
"ID": "CVE-2023-24055",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-312",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-24055",
"Impact": "Low",
"Public": "20230122"
},
{
"ID": "CVE-2023-32784",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-319",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32784",
"Impact": "High",
"Public": "20230515"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202412934001",
"Comment": "keepass is earlier than 0:2.54-alt0.p10.1"
}
]
}
]
}
}
]
}

34
oval/p9/ALT-PU-2024-12934/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:1001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202412934001",
"Version": "1",
"Comment": "keepass is installed",
"Name": "keepass"
}
]
}

23
oval/p9/ALT-PU-2024-12934/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:1001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202412934001",
"Version": "1",
"Comment": "package EVR is earlier than 0:2.54-alt0.p10.1",
"Arch": {},
"EVR": {
"Text": "0:2.54-alt0.p10.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p9/ALT-PU-2024-12934/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:1001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p9' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:1001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:1001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202412934001",
"Version": "1",
"Check": "all",
"Comment": "keepass is earlier than 0:2.54-alt0.p10.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202412934001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202412934001"
}
}
]
}

305
oval/p9/ALT-PU-2024-13015/definitions.json Normal file
View File

@ -0,0 +1,305 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202413015",
"Version": "oval:org.altlinux.errata:def:202413015",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-13015: package `chicken` update to version 5.2.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-13015",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-13015",
"Source": "ALTPU"
},
{
"RefID": "CVE-2012-6122",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-6122",
"Source": "CVE"
},
{
"RefID": "CVE-2012-6123",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-6123",
"Source": "CVE"
},
{
"RefID": "CVE-2012-6124",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-6124",
"Source": "CVE"
},
{
"RefID": "CVE-2012-6125",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-6125",
"Source": "CVE"
},
{
"RefID": "CVE-2013-1874",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1874",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2024",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2024",
"Source": "CVE"
},
{
"RefID": "CVE-2013-2075",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-2075",
"Source": "CVE"
},
{
"RefID": "CVE-2013-4385",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4385",
"Source": "CVE"
},
{
"RefID": "CVE-2014-3776",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-3776",
"Source": "CVE"
},
{
"RefID": "CVE-2015-4556",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-4556",
"Source": "CVE"
},
{
"RefID": "CVE-2016-6830",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-6830",
"Source": "CVE"
},
{
"RefID": "CVE-2016-6831",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-6831",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11343",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11343",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9334",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9334",
"Source": "CVE"
}
],
"Description": "This update upgrades chicken to version 5.2.0-alt1. \nSecurity Fix(es):\n\n * CVE-2012-6122: Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.\n\n * CVE-2012-6123: Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct \"poisoned NUL byte attack.\"\n\n * CVE-2012-6124: A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states \"This function wasn't used for security purposes (and is advertised as being unsuitable).\"\n\n * CVE-2012-6125: Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.\n\n * CVE-2013-1874: Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.\n\n * CVE-2013-2024: OS command injection vulnerability in the \"qs\" procedure from the \"utils\" module in Chicken before 4.9.0.\n\n * CVE-2013-2075: Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122.\n\n * CVE-2013-4385: Buffer overflow in the \"read-string!\" procedure in the \"extras\" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a \"#f\" value in the NUM argument.\n\n * CVE-2014-3776: Buffer overflow in the \"read-u8vector!\" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a \"#f\" value in the NUM argument.\n\n * CVE-2015-4556: The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).\n\n * CVE-2016-6830: The \"process-execute\" and \"process-spawn\" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).\n\n * CVE-2016-6831: The \"process-execute\" and \"process-spawn\" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).\n\n * CVE-2017-11343: Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.\n\n * CVE-2017-9334: An incorrect \"pair?\" check in the Scheme \"length\" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls \"length\" on it.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-05"
},
"Updated": {
"Date": "2024-12-05"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2012-6122",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-6122",
"Impact": "High",
"Public": "20191031"
},
{
"ID": "CVE-2012-6123",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-6123",
"Impact": "Low",
"Public": "20191031"
},
{
"ID": "CVE-2012-6124",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-338",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-6124",
"Impact": "Low",
"Public": "20191031"
},
{
"ID": "CVE-2012-6125",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-6125",
"Impact": "Critical",
"Public": "20191031"
},
{
"ID": "CVE-2013-1874",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-1874",
"Impact": "Low",
"Public": "20140929"
},
{
"ID": "CVE-2013-2024",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2024",
"Impact": "High",
"Public": "20191031"
},
{
"ID": "CVE-2013-2075",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-2075",
"Impact": "High",
"Public": "20191031"
},
{
"ID": "CVE-2013-4385",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4385",
"Impact": "High",
"Public": "20131009"
},
{
"ID": "CVE-2014-3776",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-3776",
"Impact": "High",
"Public": "20140520"
},
{
"ID": "CVE-2015-4556",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-4556",
"Impact": "High",
"Public": "20170329"
},
{
"ID": "CVE-2016-6830",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-6830",
"Impact": "Critical",
"Public": "20170110"
},
{
"ID": "CVE-2016-6831",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-6831",
"Impact": "High",
"Public": "20170110"
},
{
"ID": "CVE-2017-11343",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-407",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11343",
"Impact": "High",
"Public": "20170717"
},
{
"ID": "CVE-2017-9334",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9334",
"Impact": "High",
"Public": "20170601"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202413015001",
"Comment": "chicken is earlier than 0:5.2.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202413015002",
"Comment": "chicken-docs is earlier than 0:5.2.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202413015003",
"Comment": "libchicken is earlier than 0:5.2.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202413015004",
"Comment": "libchicken-devel is earlier than 0:5.2.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202413015005",
"Comment": "libchicken-devel-static is earlier than 0:5.2.0-alt1"
}
]
}
]
}
}
]
}

58
oval/p9/ALT-PU-2024-13015/objects.json Normal file
View File

@ -0,0 +1,58 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:1001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202413015001",
"Version": "1",
"Comment": "chicken is installed",
"Name": "chicken"
},
{
"ID": "oval:org.altlinux.errata:obj:202413015002",
"Version": "1",
"Comment": "chicken-docs is installed",
"Name": "chicken-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:202413015003",
"Version": "1",
"Comment": "libchicken is installed",
"Name": "libchicken"
},
{
"ID": "oval:org.altlinux.errata:obj:202413015004",
"Version": "1",
"Comment": "libchicken-devel is installed",
"Name": "libchicken-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202413015005",
"Version": "1",
"Comment": "libchicken-devel-static is installed",
"Name": "libchicken-devel-static"
}
]
}

23
oval/p9/ALT-PU-2024-13015/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:1001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202413015001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.2.0-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.2.0-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

78
oval/p9/ALT-PU-2024-13015/tests.json Normal file
View File

@ -0,0 +1,78 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:1001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p9' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:1001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:1001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202413015001",
"Version": "1",
"Check": "all",
"Comment": "chicken is earlier than 0:5.2.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413015001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413015001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413015002",
"Version": "1",
"Check": "all",
"Comment": "chicken-docs is earlier than 0:5.2.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413015002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413015001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413015003",
"Version": "1",
"Check": "all",
"Comment": "libchicken is earlier than 0:5.2.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413015003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413015001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413015004",
"Version": "1",
"Check": "all",
"Comment": "libchicken-devel is earlier than 0:5.2.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413015004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413015001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202413015005",
"Version": "1",
"Check": "all",
"Comment": "libchicken-devel-static is earlier than 0:5.2.0-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202413015005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202413015001"
}
}
]
}

203
oval/p9/ALT-PU-2024-16210/definitions.json Normal file
View File

@ -0,0 +1,203 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416210",
"Version": "oval:org.altlinux.errata:def:202416210",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16210: package `mono` update to version 6.12.0.206-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16210",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16210",
"Source": "ALTPU"
}
],
"Description": "This update upgrades mono to version 6.12.0.206-alt1. \nSecurity Fix(es):\n\n * #39899: 6.12.0\n\n * #40273: mono FTBFS\n\n * #46650: Обновление mono до версии 6.12.0.182.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-05"
},
"Updated": {
"Date": "2024-12-05"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "39899",
"Href": "https://bugzilla.altlinux.org/39899",
"Data": "6.12.0"
},
{
"ID": "40273",
"Href": "https://bugzilla.altlinux.org/40273",
"Data": "mono FTBFS"
},
{
"ID": "46650",
"Href": "https://bugzilla.altlinux.org/46650",
"Data": "Обновление mono до версии 6.12.0.182."
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416210001",
"Comment": "mono-core is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210002",
"Comment": "mono-data is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210003",
"Comment": "mono-data-oracle is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210004",
"Comment": "mono-data-sqlite is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210005",
"Comment": "mono-devel is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210006",
"Comment": "mono-devel-full is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210007",
"Comment": "mono-dyndata is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210008",
"Comment": "mono-extras is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210009",
"Comment": "mono-full is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210010",
"Comment": "mono-locale-extras is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210011",
"Comment": "mono-mono2-compat is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210012",
"Comment": "mono-mono2-compat-devel is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210013",
"Comment": "mono-monodoc is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210014",
"Comment": "mono-monodoc-devel is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210015",
"Comment": "mono-mvc is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210016",
"Comment": "mono-mvc-devel is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210017",
"Comment": "mono-reactive is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210018",
"Comment": "mono-reactive-devel is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210019",
"Comment": "mono-reactive-winforms is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210020",
"Comment": "mono-wcf is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210021",
"Comment": "mono-web is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210022",
"Comment": "mono-web-devel is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210023",
"Comment": "mono-winforms is earlier than 0:6.12.0.206-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416210024",
"Comment": "mono-winfx is earlier than 0:6.12.0.206-alt1"
}
]
}
]
}
}
]
}

172
oval/p9/ALT-PU-2024-16210/objects.json Normal file
View File

@ -0,0 +1,172 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:1001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416210001",
"Version": "1",
"Comment": "mono-core is installed",
"Name": "mono-core"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210002",
"Version": "1",
"Comment": "mono-data is installed",
"Name": "mono-data"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210003",
"Version": "1",
"Comment": "mono-data-oracle is installed",
"Name": "mono-data-oracle"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210004",
"Version": "1",
"Comment": "mono-data-sqlite is installed",
"Name": "mono-data-sqlite"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210005",
"Version": "1",
"Comment": "mono-devel is installed",
"Name": "mono-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210006",
"Version": "1",
"Comment": "mono-devel-full is installed",
"Name": "mono-devel-full"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210007",
"Version": "1",
"Comment": "mono-dyndata is installed",
"Name": "mono-dyndata"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210008",
"Version": "1",
"Comment": "mono-extras is installed",
"Name": "mono-extras"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210009",
"Version": "1",
"Comment": "mono-full is installed",
"Name": "mono-full"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210010",
"Version": "1",
"Comment": "mono-locale-extras is installed",
"Name": "mono-locale-extras"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210011",
"Version": "1",
"Comment": "mono-mono2-compat is installed",
"Name": "mono-mono2-compat"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210012",
"Version": "1",
"Comment": "mono-mono2-compat-devel is installed",
"Name": "mono-mono2-compat-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210013",
"Version": "1",
"Comment": "mono-monodoc is installed",
"Name": "mono-monodoc"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210014",
"Version": "1",
"Comment": "mono-monodoc-devel is installed",
"Name": "mono-monodoc-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210015",
"Version": "1",
"Comment": "mono-mvc is installed",
"Name": "mono-mvc"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210016",
"Version": "1",
"Comment": "mono-mvc-devel is installed",
"Name": "mono-mvc-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210017",
"Version": "1",
"Comment": "mono-reactive is installed",
"Name": "mono-reactive"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210018",
"Version": "1",
"Comment": "mono-reactive-devel is installed",
"Name": "mono-reactive-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210019",
"Version": "1",
"Comment": "mono-reactive-winforms is installed",
"Name": "mono-reactive-winforms"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210020",
"Version": "1",
"Comment": "mono-wcf is installed",
"Name": "mono-wcf"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210021",
"Version": "1",
"Comment": "mono-web is installed",
"Name": "mono-web"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210022",
"Version": "1",
"Comment": "mono-web-devel is installed",
"Name": "mono-web-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210023",
"Version": "1",
"Comment": "mono-winforms is installed",
"Name": "mono-winforms"
},
{
"ID": "oval:org.altlinux.errata:obj:202416210024",
"Version": "1",
"Comment": "mono-winfx is installed",
"Name": "mono-winfx"
}
]
}

23
oval/p9/ALT-PU-2024-16210/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:1001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416210001",
"Version": "1",
"Comment": "package EVR is earlier than 0:6.12.0.206-alt1",
"Arch": {},
"EVR": {
"Text": "0:6.12.0.206-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

306
oval/p9/ALT-PU-2024-16210/tests.json Normal file
View File

@ -0,0 +1,306 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:1001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p9' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:1001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:1001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416210001",
"Version": "1",
"Check": "all",
"Comment": "mono-core is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210002",
"Version": "1",
"Check": "all",
"Comment": "mono-data is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210003",
"Version": "1",
"Check": "all",
"Comment": "mono-data-oracle is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210004",
"Version": "1",
"Check": "all",
"Comment": "mono-data-sqlite is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210005",
"Version": "1",
"Check": "all",
"Comment": "mono-devel is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210006",
"Version": "1",
"Check": "all",
"Comment": "mono-devel-full is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210007",
"Version": "1",
"Check": "all",
"Comment": "mono-dyndata is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210008",
"Version": "1",
"Check": "all",
"Comment": "mono-extras is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210009",
"Version": "1",
"Check": "all",
"Comment": "mono-full is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210010",
"Version": "1",
"Check": "all",
"Comment": "mono-locale-extras is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210011",
"Version": "1",
"Check": "all",
"Comment": "mono-mono2-compat is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210012",
"Version": "1",
"Check": "all",
"Comment": "mono-mono2-compat-devel is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210013",
"Version": "1",
"Check": "all",
"Comment": "mono-monodoc is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210014",
"Version": "1",
"Check": "all",
"Comment": "mono-monodoc-devel is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210014"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210015",
"Version": "1",
"Check": "all",
"Comment": "mono-mvc is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210015"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210016",
"Version": "1",
"Check": "all",
"Comment": "mono-mvc-devel is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210016"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210017",
"Version": "1",
"Check": "all",
"Comment": "mono-reactive is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210017"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210018",
"Version": "1",
"Check": "all",
"Comment": "mono-reactive-devel is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210018"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210019",
"Version": "1",
"Check": "all",
"Comment": "mono-reactive-winforms is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210019"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210020",
"Version": "1",
"Check": "all",
"Comment": "mono-wcf is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210020"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210021",
"Version": "1",
"Check": "all",
"Comment": "mono-web is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210021"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210022",
"Version": "1",
"Check": "all",
"Comment": "mono-web-devel is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210022"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210023",
"Version": "1",
"Check": "all",
"Comment": "mono-winforms is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210023"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416210024",
"Version": "1",
"Check": "all",
"Comment": "mono-winfx is earlier than 0:6.12.0.206-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416210024"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416210001"
}
}
]
}

237
oval/p9/ALT-PU-2024-16336/definitions.json Normal file
View File

@ -0,0 +1,237 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416336",
"Version": "oval:org.altlinux.errata:def:202416336",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16336: package `postgresql12` update to version 12.22-alt0.M90P.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16336",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16336",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-09679",
"RefURL": "https://bdu.fstec.ru/vul/2024-09679",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09681",
"RefURL": "https://bdu.fstec.ru/vul/2024-09681",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09682",
"RefURL": "https://bdu.fstec.ru/vul/2024-09682",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09684",
"RefURL": "https://bdu.fstec.ru/vul/2024-09684",
"Source": "BDU"
},
{
"RefID": "CVE-2024-10976",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10977",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10978",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10979",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Source": "CVE"
}
],
"Description": "This update upgrades postgresql12 to version 12.22-alt0.M90P.1. \nSecurity Fix(es):\n\n * BDU:2024-09679: Уязвимость переменных среды PL/Perl системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-09681: Уязвимость команд SET ROLE, SET SESSION системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации\n\n * BDU:2024-09682: Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине»\n\n * BDU:2024-09684: Уязвимость политики безопасности таблиц с защитой строк CREATE POLICY системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные команды\n\n * CVE-2024-10976: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10977: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10978: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10979: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-05"
},
"Updated": {
"Date": "2024-12-05"
},
"BDUs": [
{
"ID": "BDU:2024-09679",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-15, CWE-264",
"Href": "https://bdu.fstec.ru/vul/2024-09679",
"Impact": "High",
"Public": "20241114"
},
{
"ID": "BDU:2024-09681",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-266",
"Href": "https://bdu.fstec.ru/vul/2024-09681",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09682",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-264, CWE-348",
"Href": "https://bdu.fstec.ru/vul/2024-09682",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09684",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-1250",
"Href": "https://bdu.fstec.ru/vul/2024-09684",
"Impact": "Low",
"Public": "20241114"
}
],
"CVEs": [
{
"ID": "CVE-2024-10976",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10977",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10978",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10979",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Impact": "None",
"Public": "20241114"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416336001",
"Comment": "libecpg6 is earlier than 0:12.22-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416336002",
"Comment": "libpq5 is earlier than 0:12.22-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416336003",
"Comment": "postgresql-devel is earlier than 0:12.22-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416336004",
"Comment": "postgresql-devel-static is earlier than 0:12.22-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416336005",
"Comment": "postgresql12 is earlier than 0:12.22-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416336006",
"Comment": "postgresql12-contrib is earlier than 0:12.22-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416336007",
"Comment": "postgresql12-docs is earlier than 0:12.22-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416336008",
"Comment": "postgresql12-perl is earlier than 0:12.22-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416336009",
"Comment": "postgresql12-python is earlier than 0:12.22-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416336010",
"Comment": "postgresql12-server is earlier than 0:12.22-alt0.M90P.1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416336011",
"Comment": "postgresql12-tcl is earlier than 0:12.22-alt0.M90P.1"
}
]
}
]
}
}
]
}

94
oval/p9/ALT-PU-2024-16336/objects.json Normal file
View File

@ -0,0 +1,94 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:1001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416336001",
"Version": "1",
"Comment": "libecpg6 is installed",
"Name": "libecpg6"
},
{
"ID": "oval:org.altlinux.errata:obj:202416336002",
"Version": "1",
"Comment": "libpq5 is installed",
"Name": "libpq5"
},
{
"ID": "oval:org.altlinux.errata:obj:202416336003",
"Version": "1",
"Comment": "postgresql-devel is installed",
"Name": "postgresql-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202416336004",
"Version": "1",
"Comment": "postgresql-devel-static is installed",
"Name": "postgresql-devel-static"
},
{
"ID": "oval:org.altlinux.errata:obj:202416336005",
"Version": "1",
"Comment": "postgresql12 is installed",
"Name": "postgresql12"
},
{
"ID": "oval:org.altlinux.errata:obj:202416336006",
"Version": "1",
"Comment": "postgresql12-contrib is installed",
"Name": "postgresql12-contrib"
},
{
"ID": "oval:org.altlinux.errata:obj:202416336007",
"Version": "1",
"Comment": "postgresql12-docs is installed",
"Name": "postgresql12-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:202416336008",
"Version": "1",
"Comment": "postgresql12-perl is installed",
"Name": "postgresql12-perl"
},
{
"ID": "oval:org.altlinux.errata:obj:202416336009",
"Version": "1",
"Comment": "postgresql12-python is installed",
"Name": "postgresql12-python"
},
{
"ID": "oval:org.altlinux.errata:obj:202416336010",
"Version": "1",
"Comment": "postgresql12-server is installed",
"Name": "postgresql12-server"
},
{
"ID": "oval:org.altlinux.errata:obj:202416336011",
"Version": "1",
"Comment": "postgresql12-tcl is installed",
"Name": "postgresql12-tcl"
}
]
}

23
oval/p9/ALT-PU-2024-16336/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:1001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416336001",
"Version": "1",
"Comment": "package EVR is earlier than 0:12.22-alt0.M90P.1",
"Arch": {},
"EVR": {
"Text": "0:12.22-alt0.M90P.1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

150
oval/p9/ALT-PU-2024-16336/tests.json Normal file
View File

@ -0,0 +1,150 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:1001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p9' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:1001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:1001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416336001",
"Version": "1",
"Check": "all",
"Comment": "libecpg6 is earlier than 0:12.22-alt0.M90P.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416336001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416336001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416336002",
"Version": "1",
"Check": "all",
"Comment": "libpq5 is earlier than 0:12.22-alt0.M90P.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416336002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416336001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416336003",
"Version": "1",
"Check": "all",
"Comment": "postgresql-devel is earlier than 0:12.22-alt0.M90P.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416336003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416336001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416336004",
"Version": "1",
"Check": "all",
"Comment": "postgresql-devel-static is earlier than 0:12.22-alt0.M90P.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416336004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416336001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416336005",
"Version": "1",
"Check": "all",
"Comment": "postgresql12 is earlier than 0:12.22-alt0.M90P.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416336005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416336001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416336006",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-contrib is earlier than 0:12.22-alt0.M90P.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416336006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416336001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416336007",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-docs is earlier than 0:12.22-alt0.M90P.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416336007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416336001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416336008",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-perl is earlier than 0:12.22-alt0.M90P.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416336008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416336001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416336009",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-python is earlier than 0:12.22-alt0.M90P.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416336009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416336001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416336010",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-server is earlier than 0:12.22-alt0.M90P.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416336010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416336001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416336011",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-tcl is earlier than 0:12.22-alt0.M90P.1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416336011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416336001"
}
}
]
}

221
oval/p9/ALT-PU-2024-16338/definitions.json Normal file
View File

@ -0,0 +1,221 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202416338",
"Version": "oval:org.altlinux.errata:def:202416338",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-16338: package `postgresql12-1C` update to version 12.20-alt0.M90P.3",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-16338",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-16338",
"Source": "ALTPU"
},
{
"RefID": "BDU:2024-09679",
"RefURL": "https://bdu.fstec.ru/vul/2024-09679",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09681",
"RefURL": "https://bdu.fstec.ru/vul/2024-09681",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09682",
"RefURL": "https://bdu.fstec.ru/vul/2024-09682",
"Source": "BDU"
},
{
"RefID": "BDU:2024-09684",
"RefURL": "https://bdu.fstec.ru/vul/2024-09684",
"Source": "BDU"
},
{
"RefID": "CVE-2024-10976",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10977",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10978",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Source": "CVE"
},
{
"RefID": "CVE-2024-10979",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Source": "CVE"
}
],
"Description": "This update upgrades postgresql12-1C to version 12.20-alt0.M90P.3. \nSecurity Fix(es):\n\n * BDU:2024-09679: Уязвимость переменных среды PL/Perl системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-09681: Уязвимость команд SET ROLE, SET SESSION системы управления базами данных PostgreSQL, позволяющая нарушителю повысить свои привилегии и получить доступ к защищаемой информации\n\n * BDU:2024-09682: Уязвимость компонента libpq системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить атаку типа «человек посередине»\n\n * BDU:2024-09684: Уязвимость политики безопасности таблиц с защитой строк CREATE POLICY системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольные команды\n\n * CVE-2024-10976: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10977: Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10978: Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\n\n * CVE-2024-10979: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-05"
},
"Updated": {
"Date": "2024-12-05"
},
"BDUs": [
{
"ID": "BDU:2024-09679",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-15, CWE-264",
"Href": "https://bdu.fstec.ru/vul/2024-09679",
"Impact": "High",
"Public": "20241114"
},
{
"ID": "BDU:2024-09681",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-266",
"Href": "https://bdu.fstec.ru/vul/2024-09681",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09682",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "CWE-264, CWE-348",
"Href": "https://bdu.fstec.ru/vul/2024-09682",
"Impact": "Low",
"Public": "20241114"
},
{
"ID": "BDU:2024-09684",
"CVSS": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-264, CWE-1250",
"Href": "https://bdu.fstec.ru/vul/2024-09684",
"Impact": "Low",
"Public": "20241114"
}
],
"CVEs": [
{
"ID": "CVE-2024-10976",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10976",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10977",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10977",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10978",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978",
"Impact": "None",
"Public": "20241114"
},
{
"ID": "CVE-2024-10979",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-10979",
"Impact": "None",
"Public": "20241114"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202416338001",
"Comment": "postgresql12-1C is earlier than 0:12.20-alt0.M90P.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416338002",
"Comment": "postgresql12-1C-contrib is earlier than 0:12.20-alt0.M90P.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416338003",
"Comment": "postgresql12-1C-docs is earlier than 0:12.20-alt0.M90P.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416338004",
"Comment": "postgresql12-1C-perl is earlier than 0:12.20-alt0.M90P.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416338005",
"Comment": "postgresql12-1C-python is earlier than 0:12.20-alt0.M90P.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416338006",
"Comment": "postgresql12-1C-server is earlier than 0:12.20-alt0.M90P.3"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202416338007",
"Comment": "postgresql12-1C-tcl is earlier than 0:12.20-alt0.M90P.3"
}
]
}
]
}
}
]
}

70
oval/p9/ALT-PU-2024-16338/objects.json Normal file
View File

@ -0,0 +1,70 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:1001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202416338001",
"Version": "1",
"Comment": "postgresql12-1C is installed",
"Name": "postgresql12-1C"
},
{
"ID": "oval:org.altlinux.errata:obj:202416338002",
"Version": "1",
"Comment": "postgresql12-1C-contrib is installed",
"Name": "postgresql12-1C-contrib"
},
{
"ID": "oval:org.altlinux.errata:obj:202416338003",
"Version": "1",
"Comment": "postgresql12-1C-docs is installed",
"Name": "postgresql12-1C-docs"
},
{
"ID": "oval:org.altlinux.errata:obj:202416338004",
"Version": "1",
"Comment": "postgresql12-1C-perl is installed",
"Name": "postgresql12-1C-perl"
},
{
"ID": "oval:org.altlinux.errata:obj:202416338005",
"Version": "1",
"Comment": "postgresql12-1C-python is installed",
"Name": "postgresql12-1C-python"
},
{
"ID": "oval:org.altlinux.errata:obj:202416338006",
"Version": "1",
"Comment": "postgresql12-1C-server is installed",
"Name": "postgresql12-1C-server"
},
{
"ID": "oval:org.altlinux.errata:obj:202416338007",
"Version": "1",
"Comment": "postgresql12-1C-tcl is installed",
"Name": "postgresql12-1C-tcl"
}
]
}

23
oval/p9/ALT-PU-2024-16338/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:1001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202416338001",
"Version": "1",
"Comment": "package EVR is earlier than 0:12.20-alt0.M90P.3",
"Arch": {},
"EVR": {
"Text": "0:12.20-alt0.M90P.3",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

102
oval/p9/ALT-PU-2024-16338/tests.json Normal file
View File

@ -0,0 +1,102 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:1001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p9' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:1001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:1001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202416338001",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-1C is earlier than 0:12.20-alt0.M90P.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416338001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416338001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416338002",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-1C-contrib is earlier than 0:12.20-alt0.M90P.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416338002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416338001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416338003",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-1C-docs is earlier than 0:12.20-alt0.M90P.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416338003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416338001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416338004",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-1C-perl is earlier than 0:12.20-alt0.M90P.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416338004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416338001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416338005",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-1C-python is earlier than 0:12.20-alt0.M90P.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416338005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416338001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416338006",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-1C-server is earlier than 0:12.20-alt0.M90P.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416338006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416338001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202416338007",
"Version": "1",
"Check": "all",
"Comment": "postgresql12-1C-tcl is earlier than 0:12.20-alt0.M90P.3",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202416338007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202416338001"
}
}
]
}