pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-03-05 15:02:16 +00:00
parent 147fa04e18
commit cd8ed55e1a
12 changed files with 540 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
oval/c10f1/ALT-PU-2024-3455/definitions.json Normal file
View File

@ -0,0 +1,77 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20243455",
"Version": "oval:org.altlinux.errata:def:20243455",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-3455: package `psqlodbc` update to version 16.00.0000-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-3455",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-3455",
"Source": "ALTPU"
}
],
"Description": "This update upgrades psqlodbc to version 16.00.0000-alt1. \nSecurity Fix(es):\n\n * #47251: libpsqlodbc 15.0",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-03-05"
},
"Updated": {
"Date": "2024-03-05"
},
"bdu": null,
"Bugzilla": [
{
"Id": "47251",
"Href": "https://bugzilla.altlinux.org/47251",
"Data": "libpsqlodbc 15.0"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20243455001",
"Comment": "libpsqlodbc is earlier than 0:16.00.0000-alt1"
}
]
}
]
}
}
]
}

34
oval/c10f1/ALT-PU-2024-3455/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20243455001",
"Version": "1",
"comment": "libpsqlodbc is installed",
"Name": "libpsqlodbc"
}
]
}

23
oval/c10f1/ALT-PU-2024-3455/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20243455001",
"Version": "1",
"Comment": "package EVR is earlier than 0:16.00.0000-alt1",
"Arch": {},
"Evr": {
"Text": "0:16.00.0000-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c10f1/ALT-PU-2024-3455/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20243455001",
"Version": "1",
"Check": "all",
"Comment": "libpsqlodbc is earlier than 0:16.00.0000-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20243455001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20243455001"
}
}
]
}

89
oval/c10f2/ALT-PU-2024-3207/definitions.json Normal file
View File

@ -0,0 +1,89 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20243207",
"Version": "oval:org.altlinux.errata:def:20243207",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-3207: package `liferea` update to version 1.14.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-3207",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-3207",
"Source": "ALTPU"
},
{
"RefID": "CVE-2023-1350",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-1350",
"Source": "CVE"
}
],
"Description": "This update upgrades liferea to version 1.14.5-alt1. \nSecurity Fix(es):\n\n * CVE-2023-1350: A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date \u0026gt;/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-03-05"
},
"Updated": {
"Date": "2024-03-05"
},
"bdu": null,
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-78",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-1350",
"Impact": "Critical",
"Public": "20230311",
"CveID": "CVE-2023-1350"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20243207001",
"Comment": "liferea is earlier than 0:1.14.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20243207002",
"Comment": "liferea-plugins-gnome-keyring is earlier than 0:1.14.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20243207003",
"Comment": "liferea-plugins-media-player is earlier than 0:1.14.5-alt1"
}
]
}
]
}
}
]
}

46
oval/c10f2/ALT-PU-2024-3207/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20243207001",
"Version": "1",
"comment": "liferea is installed",
"Name": "liferea"
},
{
"ID": "oval:org.altlinux.errata:obj:20243207002",
"Version": "1",
"comment": "liferea-plugins-gnome-keyring is installed",
"Name": "liferea-plugins-gnome-keyring"
},
{
"ID": "oval:org.altlinux.errata:obj:20243207003",
"Version": "1",
"comment": "liferea-plugins-media-player is installed",
"Name": "liferea-plugins-media-player"
}
]
}

23
oval/c10f2/ALT-PU-2024-3207/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20243207001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.14.5-alt1",
"Arch": {},
"Evr": {
"Text": "0:1.14.5-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/c10f2/ALT-PU-2024-3207/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20243207001",
"Version": "1",
"Check": "all",
"Comment": "liferea is earlier than 0:1.14.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20243207001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20243207001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20243207002",
"Version": "1",
"Check": "all",
"Comment": "liferea-plugins-gnome-keyring is earlier than 0:1.14.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20243207002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20243207001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20243207003",
"Version": "1",
"Check": "all",
"Comment": "liferea-plugins-media-player is earlier than 0:1.14.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20243207003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20243207001"
}
}
]
}

77
oval/c9f2/ALT-PU-2024-3013/definitions.json Normal file
View File

@ -0,0 +1,77 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20243013",
"Version": "oval:org.altlinux.errata:def:20243013",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-3013: package `rclone` update to version 1.61.1-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-3013",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-3013",
"Source": "ALTPU"
}
],
"Description": "This update upgrades rclone to version 1.61.1-alt1. \nSecurity Fix(es):\n\n * #45130: Не работает синхронизация с облаком mail.ru",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-03-05"
},
"Updated": {
"Date": "2024-03-05"
},
"bdu": null,
"Bugzilla": [
{
"Id": "45130",
"Href": "https://bugzilla.altlinux.org/45130",
"Data": "Не работает синхронизация с облаком mail.ru"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20243013001",
"Comment": "rclone is earlier than 0:1.61.1-alt1"
}
]
}
]
}
}
]
}

34
oval/c9f2/ALT-PU-2024-3013/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20243013001",
"Version": "1",
"comment": "rclone is installed",
"Name": "rclone"
}
]
}

23
oval/c9f2/ALT-PU-2024-3013/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20243013001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.61.1-alt1",
"Arch": {},
"Evr": {
"Text": "0:1.61.1-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c9f2/ALT-PU-2024-3013/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20243013001",
"Version": "1",
"Check": "all",
"Comment": "rclone is earlier than 0:1.61.1-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20243013001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20243013001"
}
}
]
}