pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-11-02 03:04:19 +00:00
parent 36f745221e
commit dbcb2ba3b5
144 changed files with 15907 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

307
oval/p10/ALT-PU-2024-14231/definitions.json Normal file
View File

@ -0,0 +1,307 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414231",
"Version": "oval:org.altlinux.errata:def:202414231",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14231: package `qt5-declarative` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14231",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14231",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-declarative to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414231001",
"Comment": "libqt5-qml is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414231002",
"Comment": "libqt5-qmlmodels is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414231003",
"Comment": "libqt5-qmlworkerscript is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414231004",
"Comment": "libqt5-quick is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414231005",
"Comment": "libqt5-quickparticles is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414231006",
"Comment": "libqt5-quickshapes is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414231007",
"Comment": "libqt5-quicktest is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414231008",
"Comment": "libqt5-quickwidgets is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414231009",
"Comment": "qt5-declarative-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414231010",
"Comment": "qt5-declarative-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414231011",
"Comment": "qt5-declarative-devel-static is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414231012",
"Comment": "qt5-declarative-doc is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414231013",
"Comment": "rpm-build-qml is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

106
oval/p10/ALT-PU-2024-14231/objects.json Normal file
View File

@ -0,0 +1,106 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414231001",
"Version": "1",
"Comment": "libqt5-qml is installed",
"Name": "libqt5-qml"
},
{
"ID": "oval:org.altlinux.errata:obj:202414231002",
"Version": "1",
"Comment": "libqt5-qmlmodels is installed",
"Name": "libqt5-qmlmodels"
},
{
"ID": "oval:org.altlinux.errata:obj:202414231003",
"Version": "1",
"Comment": "libqt5-qmlworkerscript is installed",
"Name": "libqt5-qmlworkerscript"
},
{
"ID": "oval:org.altlinux.errata:obj:202414231004",
"Version": "1",
"Comment": "libqt5-quick is installed",
"Name": "libqt5-quick"
},
{
"ID": "oval:org.altlinux.errata:obj:202414231005",
"Version": "1",
"Comment": "libqt5-quickparticles is installed",
"Name": "libqt5-quickparticles"
},
{
"ID": "oval:org.altlinux.errata:obj:202414231006",
"Version": "1",
"Comment": "libqt5-quickshapes is installed",
"Name": "libqt5-quickshapes"
},
{
"ID": "oval:org.altlinux.errata:obj:202414231007",
"Version": "1",
"Comment": "libqt5-quicktest is installed",
"Name": "libqt5-quicktest"
},
{
"ID": "oval:org.altlinux.errata:obj:202414231008",
"Version": "1",
"Comment": "libqt5-quickwidgets is installed",
"Name": "libqt5-quickwidgets"
},
{
"ID": "oval:org.altlinux.errata:obj:202414231009",
"Version": "1",
"Comment": "qt5-declarative-common is installed",
"Name": "qt5-declarative-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414231010",
"Version": "1",
"Comment": "qt5-declarative-devel is installed",
"Name": "qt5-declarative-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414231011",
"Version": "1",
"Comment": "qt5-declarative-devel-static is installed",
"Name": "qt5-declarative-devel-static"
},
{
"ID": "oval:org.altlinux.errata:obj:202414231012",
"Version": "1",
"Comment": "qt5-declarative-doc is installed",
"Name": "qt5-declarative-doc"
},
{
"ID": "oval:org.altlinux.errata:obj:202414231013",
"Version": "1",
"Comment": "rpm-build-qml is installed",
"Name": "rpm-build-qml"
}
]
}

23
oval/p10/ALT-PU-2024-14231/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414231001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

174
oval/p10/ALT-PU-2024-14231/tests.json Normal file
View File

@ -0,0 +1,174 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414231001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-qml is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414231001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414231001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414231002",
"Version": "1",
"Check": "all",
"Comment": "libqt5-qmlmodels is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414231002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414231001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414231003",
"Version": "1",
"Check": "all",
"Comment": "libqt5-qmlworkerscript is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414231003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414231001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414231004",
"Version": "1",
"Check": "all",
"Comment": "libqt5-quick is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414231004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414231001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414231005",
"Version": "1",
"Check": "all",
"Comment": "libqt5-quickparticles is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414231005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414231001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414231006",
"Version": "1",
"Check": "all",
"Comment": "libqt5-quickshapes is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414231006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414231001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414231007",
"Version": "1",
"Check": "all",
"Comment": "libqt5-quicktest is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414231007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414231001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414231008",
"Version": "1",
"Check": "all",
"Comment": "libqt5-quickwidgets is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414231008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414231001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414231009",
"Version": "1",
"Check": "all",
"Comment": "qt5-declarative-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414231009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414231001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414231010",
"Version": "1",
"Check": "all",
"Comment": "qt5-declarative-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414231010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414231001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414231011",
"Version": "1",
"Check": "all",
"Comment": "qt5-declarative-devel-static is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414231011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414231001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414231012",
"Version": "1",
"Check": "all",
"Comment": "qt5-declarative-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414231012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414231001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414231013",
"Version": "1",
"Check": "all",
"Comment": "rpm-build-qml is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414231013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414231001"
}
}
]
}

267
oval/p10/ALT-PU-2024-14233/definitions.json Normal file
View File

@ -0,0 +1,267 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414233",
"Version": "oval:org.altlinux.errata:def:202414233",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14233: package `qt5-quicktimeline` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14233",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14233",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-quicktimeline to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414233001",
"Comment": "qt5-quicktimeline is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414233002",
"Comment": "qt5-quicktimeline-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414233003",
"Comment": "qt5-quicktimeline-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

46
oval/p10/ALT-PU-2024-14233/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414233001",
"Version": "1",
"Comment": "qt5-quicktimeline is installed",
"Name": "qt5-quicktimeline"
},
{
"ID": "oval:org.altlinux.errata:obj:202414233002",
"Version": "1",
"Comment": "qt5-quicktimeline-common is installed",
"Name": "qt5-quicktimeline-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414233003",
"Version": "1",
"Comment": "qt5-quicktimeline-doc is installed",
"Name": "qt5-quicktimeline-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14233/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414233001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/p10/ALT-PU-2024-14233/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414233001",
"Version": "1",
"Check": "all",
"Comment": "qt5-quicktimeline is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414233001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414233001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414233002",
"Version": "1",
"Check": "all",
"Comment": "qt5-quicktimeline-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414233002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414233001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414233003",
"Version": "1",
"Check": "all",
"Comment": "qt5-quicktimeline-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414233003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414233001"
}
}
]
}

279
oval/p10/ALT-PU-2024-14234/definitions.json Normal file
View File

@ -0,0 +1,279 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414234",
"Version": "oval:org.altlinux.errata:def:202414234",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14234: package `qt5-connectivity` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14234",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14234",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-connectivity to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414234001",
"Comment": "libqt5-bluetooth is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414234002",
"Comment": "libqt5-nfc is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414234003",
"Comment": "qt5-connectivity is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414234004",
"Comment": "qt5-connectivity-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414234005",
"Comment": "qt5-connectivity-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414234006",
"Comment": "qt5-connectivity-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

64
oval/p10/ALT-PU-2024-14234/objects.json Normal file
View File

@ -0,0 +1,64 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414234001",
"Version": "1",
"Comment": "libqt5-bluetooth is installed",
"Name": "libqt5-bluetooth"
},
{
"ID": "oval:org.altlinux.errata:obj:202414234002",
"Version": "1",
"Comment": "libqt5-nfc is installed",
"Name": "libqt5-nfc"
},
{
"ID": "oval:org.altlinux.errata:obj:202414234003",
"Version": "1",
"Comment": "qt5-connectivity is installed",
"Name": "qt5-connectivity"
},
{
"ID": "oval:org.altlinux.errata:obj:202414234004",
"Version": "1",
"Comment": "qt5-connectivity-common is installed",
"Name": "qt5-connectivity-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414234005",
"Version": "1",
"Comment": "qt5-connectivity-devel is installed",
"Name": "qt5-connectivity-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414234006",
"Version": "1",
"Comment": "qt5-connectivity-doc is installed",
"Name": "qt5-connectivity-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14234/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414234001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

90
oval/p10/ALT-PU-2024-14234/tests.json Normal file
View File

@ -0,0 +1,90 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414234001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-bluetooth is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414234001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414234001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414234002",
"Version": "1",
"Check": "all",
"Comment": "libqt5-nfc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414234002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414234001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414234003",
"Version": "1",
"Check": "all",
"Comment": "qt5-connectivity is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414234003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414234001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414234004",
"Version": "1",
"Check": "all",
"Comment": "qt5-connectivity-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414234004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414234001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414234005",
"Version": "1",
"Check": "all",
"Comment": "qt5-connectivity-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414234005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414234001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414234006",
"Version": "1",
"Check": "all",
"Comment": "qt5-connectivity-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414234006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414234001"
}
}
]
}

275
oval/p10/ALT-PU-2024-14235/definitions.json Normal file
View File

@ -0,0 +1,275 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414235",
"Version": "oval:org.altlinux.errata:def:202414235",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14235: package `qt5-serialbus` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14235",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14235",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-serialbus to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414235001",
"Comment": "libqt5-serialbus is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414235002",
"Comment": "qt5-serialbus is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414235003",
"Comment": "qt5-serialbus-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414235004",
"Comment": "qt5-serialbus-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414235005",
"Comment": "qt5-serialbus-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

58
oval/p10/ALT-PU-2024-14235/objects.json Normal file
View File

@ -0,0 +1,58 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414235001",
"Version": "1",
"Comment": "libqt5-serialbus is installed",
"Name": "libqt5-serialbus"
},
{
"ID": "oval:org.altlinux.errata:obj:202414235002",
"Version": "1",
"Comment": "qt5-serialbus is installed",
"Name": "qt5-serialbus"
},
{
"ID": "oval:org.altlinux.errata:obj:202414235003",
"Version": "1",
"Comment": "qt5-serialbus-common is installed",
"Name": "qt5-serialbus-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414235004",
"Version": "1",
"Comment": "qt5-serialbus-devel is installed",
"Name": "qt5-serialbus-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414235005",
"Version": "1",
"Comment": "qt5-serialbus-doc is installed",
"Name": "qt5-serialbus-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14235/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414235001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

78
oval/p10/ALT-PU-2024-14235/tests.json Normal file
View File

@ -0,0 +1,78 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414235001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-serialbus is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414235001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414235001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414235002",
"Version": "1",
"Check": "all",
"Comment": "qt5-serialbus is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414235002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414235001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414235003",
"Version": "1",
"Check": "all",
"Comment": "qt5-serialbus-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414235003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414235001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414235004",
"Version": "1",
"Check": "all",
"Comment": "qt5-serialbus-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414235004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414235001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414235005",
"Version": "1",
"Check": "all",
"Comment": "qt5-serialbus-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414235005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414235001"
}
}
]
}

267
oval/p10/ALT-PU-2024-14236/definitions.json Normal file
View File

@ -0,0 +1,267 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414236",
"Version": "oval:org.altlinux.errata:def:202414236",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14236: package `qt5-graphicaleffects` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14236",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14236",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-graphicaleffects to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414236001",
"Comment": "qt5-graphicaleffects is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414236002",
"Comment": "qt5-graphicaleffects-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414236003",
"Comment": "qt5-graphicaleffects-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

46
oval/p10/ALT-PU-2024-14236/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414236001",
"Version": "1",
"Comment": "qt5-graphicaleffects is installed",
"Name": "qt5-graphicaleffects"
},
{
"ID": "oval:org.altlinux.errata:obj:202414236002",
"Version": "1",
"Comment": "qt5-graphicaleffects-common is installed",
"Name": "qt5-graphicaleffects-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414236003",
"Version": "1",
"Comment": "qt5-graphicaleffects-doc is installed",
"Name": "qt5-graphicaleffects-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14236/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414236001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/p10/ALT-PU-2024-14236/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414236001",
"Version": "1",
"Check": "all",
"Comment": "qt5-graphicaleffects is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414236001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414236001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414236002",
"Version": "1",
"Check": "all",
"Comment": "qt5-graphicaleffects-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414236002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414236001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414236003",
"Version": "1",
"Check": "all",
"Comment": "qt5-graphicaleffects-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414236003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414236001"
}
}
]
}

259
oval/p10/ALT-PU-2024-14237/definitions.json Normal file
View File

@ -0,0 +1,259 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414237",
"Version": "oval:org.altlinux.errata:def:202414237",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14237: package `qt5-doc` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14237",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14237",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-doc to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414237001",
"Comment": "qt5-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

34
oval/p10/ALT-PU-2024-14237/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414237001",
"Version": "1",
"Comment": "qt5-doc is installed",
"Name": "qt5-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14237/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414237001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/p10/ALT-PU-2024-14237/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414237001",
"Version": "1",
"Check": "all",
"Comment": "qt5-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414237001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414237001"
}
}
]
}

279
oval/p10/ALT-PU-2024-14238/definitions.json Normal file
View File

@ -0,0 +1,279 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414238",
"Version": "oval:org.altlinux.errata:def:202414238",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14238: package `qt5-wayland` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14238",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14238",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-wayland to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414238001",
"Comment": "libqt5-waylandclient is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414238002",
"Comment": "libqt5-waylandcompositor is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414238003",
"Comment": "qt5-wayland is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414238004",
"Comment": "qt5-wayland-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414238005",
"Comment": "qt5-wayland-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414238006",
"Comment": "qt5-wayland-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

64
oval/p10/ALT-PU-2024-14238/objects.json Normal file
View File

@ -0,0 +1,64 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414238001",
"Version": "1",
"Comment": "libqt5-waylandclient is installed",
"Name": "libqt5-waylandclient"
},
{
"ID": "oval:org.altlinux.errata:obj:202414238002",
"Version": "1",
"Comment": "libqt5-waylandcompositor is installed",
"Name": "libqt5-waylandcompositor"
},
{
"ID": "oval:org.altlinux.errata:obj:202414238003",
"Version": "1",
"Comment": "qt5-wayland is installed",
"Name": "qt5-wayland"
},
{
"ID": "oval:org.altlinux.errata:obj:202414238004",
"Version": "1",
"Comment": "qt5-wayland-common is installed",
"Name": "qt5-wayland-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414238005",
"Version": "1",
"Comment": "qt5-wayland-devel is installed",
"Name": "qt5-wayland-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414238006",
"Version": "1",
"Comment": "qt5-wayland-doc is installed",
"Name": "qt5-wayland-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14238/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414238001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

90
oval/p10/ALT-PU-2024-14238/tests.json Normal file
View File

@ -0,0 +1,90 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414238001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-waylandclient is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414238001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414238001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414238002",
"Version": "1",
"Check": "all",
"Comment": "libqt5-waylandcompositor is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414238002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414238001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414238003",
"Version": "1",
"Check": "all",
"Comment": "qt5-wayland is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414238003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414238001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414238004",
"Version": "1",
"Check": "all",
"Comment": "qt5-wayland-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414238004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414238001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414238005",
"Version": "1",
"Check": "all",
"Comment": "qt5-wayland-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414238005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414238001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414238006",
"Version": "1",
"Check": "all",
"Comment": "qt5-wayland-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414238006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414238001"
}
}
]
}

271
oval/p10/ALT-PU-2024-14239/definitions.json Normal file
View File

@ -0,0 +1,271 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414239",
"Version": "oval:org.altlinux.errata:def:202414239",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14239: package `qt5-webview` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14239",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14239",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-webview to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414239001",
"Comment": "libqt5-webview is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414239002",
"Comment": "qt5-webview-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414239003",
"Comment": "qt5-webview-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414239004",
"Comment": "qt5-webview-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

52
oval/p10/ALT-PU-2024-14239/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414239001",
"Version": "1",
"Comment": "libqt5-webview is installed",
"Name": "libqt5-webview"
},
{
"ID": "oval:org.altlinux.errata:obj:202414239002",
"Version": "1",
"Comment": "qt5-webview-common is installed",
"Name": "qt5-webview-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414239003",
"Version": "1",
"Comment": "qt5-webview-devel is installed",
"Name": "qt5-webview-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414239004",
"Version": "1",
"Comment": "qt5-webview-doc is installed",
"Name": "qt5-webview-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14239/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414239001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-14239/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414239001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-webview is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414239001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414239002",
"Version": "1",
"Check": "all",
"Comment": "qt5-webview-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414239002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414239003",
"Version": "1",
"Check": "all",
"Comment": "qt5-webview-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414239003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414239001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414239004",
"Version": "1",
"Check": "all",
"Comment": "qt5-webview-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414239004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414239001"
}
}
]
}

319
oval/p10/ALT-PU-2024-14240/definitions.json Normal file
View File

@ -0,0 +1,319 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414240",
"Version": "oval:org.altlinux.errata:def:202414240",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14240: package `qt5-3d` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14240",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14240",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-3d to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414240001",
"Comment": "libqt5-3danimation is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240002",
"Comment": "libqt5-3dcore is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240003",
"Comment": "libqt5-3dextras is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240004",
"Comment": "libqt5-3dinput is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240005",
"Comment": "libqt5-3dlogic is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240006",
"Comment": "libqt5-3dquick is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240007",
"Comment": "libqt5-3dquickanimation is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240008",
"Comment": "libqt5-3dquickextras is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240009",
"Comment": "libqt5-3dquickinput is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240010",
"Comment": "libqt5-3dquickrender is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240011",
"Comment": "libqt5-3dquickscene2d is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240012",
"Comment": "libqt5-3drender is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240013",
"Comment": "qt5-3d is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240014",
"Comment": "qt5-3d-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240015",
"Comment": "qt5-3d-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414240016",
"Comment": "qt5-3d-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

124
oval/p10/ALT-PU-2024-14240/objects.json Normal file
View File

@ -0,0 +1,124 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414240001",
"Version": "1",
"Comment": "libqt5-3danimation is installed",
"Name": "libqt5-3danimation"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240002",
"Version": "1",
"Comment": "libqt5-3dcore is installed",
"Name": "libqt5-3dcore"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240003",
"Version": "1",
"Comment": "libqt5-3dextras is installed",
"Name": "libqt5-3dextras"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240004",
"Version": "1",
"Comment": "libqt5-3dinput is installed",
"Name": "libqt5-3dinput"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240005",
"Version": "1",
"Comment": "libqt5-3dlogic is installed",
"Name": "libqt5-3dlogic"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240006",
"Version": "1",
"Comment": "libqt5-3dquick is installed",
"Name": "libqt5-3dquick"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240007",
"Version": "1",
"Comment": "libqt5-3dquickanimation is installed",
"Name": "libqt5-3dquickanimation"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240008",
"Version": "1",
"Comment": "libqt5-3dquickextras is installed",
"Name": "libqt5-3dquickextras"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240009",
"Version": "1",
"Comment": "libqt5-3dquickinput is installed",
"Name": "libqt5-3dquickinput"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240010",
"Version": "1",
"Comment": "libqt5-3dquickrender is installed",
"Name": "libqt5-3dquickrender"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240011",
"Version": "1",
"Comment": "libqt5-3dquickscene2d is installed",
"Name": "libqt5-3dquickscene2d"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240012",
"Version": "1",
"Comment": "libqt5-3drender is installed",
"Name": "libqt5-3drender"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240013",
"Version": "1",
"Comment": "qt5-3d is installed",
"Name": "qt5-3d"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240014",
"Version": "1",
"Comment": "qt5-3d-common is installed",
"Name": "qt5-3d-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240015",
"Version": "1",
"Comment": "qt5-3d-devel is installed",
"Name": "qt5-3d-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414240016",
"Version": "1",
"Comment": "qt5-3d-doc is installed",
"Name": "qt5-3d-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14240/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414240001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

210
oval/p10/ALT-PU-2024-14240/tests.json Normal file
View File

@ -0,0 +1,210 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414240001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-3danimation is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240002",
"Version": "1",
"Check": "all",
"Comment": "libqt5-3dcore is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240003",
"Version": "1",
"Check": "all",
"Comment": "libqt5-3dextras is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240004",
"Version": "1",
"Check": "all",
"Comment": "libqt5-3dinput is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240005",
"Version": "1",
"Check": "all",
"Comment": "libqt5-3dlogic is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240006",
"Version": "1",
"Check": "all",
"Comment": "libqt5-3dquick is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240007",
"Version": "1",
"Check": "all",
"Comment": "libqt5-3dquickanimation is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240008",
"Version": "1",
"Check": "all",
"Comment": "libqt5-3dquickextras is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240009",
"Version": "1",
"Check": "all",
"Comment": "libqt5-3dquickinput is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240010",
"Version": "1",
"Check": "all",
"Comment": "libqt5-3dquickrender is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240011",
"Version": "1",
"Check": "all",
"Comment": "libqt5-3dquickscene2d is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240012",
"Version": "1",
"Check": "all",
"Comment": "libqt5-3drender is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240013",
"Version": "1",
"Check": "all",
"Comment": "qt5-3d is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240014",
"Version": "1",
"Check": "all",
"Comment": "qt5-3d-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240014"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240015",
"Version": "1",
"Check": "all",
"Comment": "qt5-3d-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240015"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414240016",
"Version": "1",
"Check": "all",
"Comment": "qt5-3d-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414240016"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414240001"
}
}
]
}

271
oval/p10/ALT-PU-2024-14241/definitions.json Normal file
View File

@ -0,0 +1,271 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414241",
"Version": "oval:org.altlinux.errata:def:202414241",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14241: package `qt5-gamepad` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14241",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14241",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-gamepad to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414241001",
"Comment": "libqt5-gamepad is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414241002",
"Comment": "qt5-gamepad-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414241003",
"Comment": "qt5-gamepad-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414241004",
"Comment": "qt5-gamepad-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

52
oval/p10/ALT-PU-2024-14241/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414241001",
"Version": "1",
"Comment": "libqt5-gamepad is installed",
"Name": "libqt5-gamepad"
},
{
"ID": "oval:org.altlinux.errata:obj:202414241002",
"Version": "1",
"Comment": "qt5-gamepad-common is installed",
"Name": "qt5-gamepad-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414241003",
"Version": "1",
"Comment": "qt5-gamepad-devel is installed",
"Name": "qt5-gamepad-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414241004",
"Version": "1",
"Comment": "qt5-gamepad-doc is installed",
"Name": "qt5-gamepad-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14241/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414241001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-14241/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414241001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-gamepad is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414241001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414241001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414241002",
"Version": "1",
"Check": "all",
"Comment": "qt5-gamepad-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414241002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414241001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414241003",
"Version": "1",
"Check": "all",
"Comment": "qt5-gamepad-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414241003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414241001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414241004",
"Version": "1",
"Check": "all",
"Comment": "qt5-gamepad-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414241004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414241001"
}
}
]
}

275
oval/p10/ALT-PU-2024-14242/definitions.json Normal file
View File

@ -0,0 +1,275 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414242",
"Version": "oval:org.altlinux.errata:def:202414242",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14242: package `qt5-remoteobjects` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14242",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14242",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-remoteobjects to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414242001",
"Comment": "libqt5-remoteobjects is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414242002",
"Comment": "qt5-remoteobjects is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414242003",
"Comment": "qt5-remoteobjects-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414242004",
"Comment": "qt5-remoteobjects-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414242005",
"Comment": "qt5-remoteobjects-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

58
oval/p10/ALT-PU-2024-14242/objects.json Normal file
View File

@ -0,0 +1,58 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414242001",
"Version": "1",
"Comment": "libqt5-remoteobjects is installed",
"Name": "libqt5-remoteobjects"
},
{
"ID": "oval:org.altlinux.errata:obj:202414242002",
"Version": "1",
"Comment": "qt5-remoteobjects is installed",
"Name": "qt5-remoteobjects"
},
{
"ID": "oval:org.altlinux.errata:obj:202414242003",
"Version": "1",
"Comment": "qt5-remoteobjects-common is installed",
"Name": "qt5-remoteobjects-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414242004",
"Version": "1",
"Comment": "qt5-remoteobjects-devel is installed",
"Name": "qt5-remoteobjects-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414242005",
"Version": "1",
"Comment": "qt5-remoteobjects-doc is installed",
"Name": "qt5-remoteobjects-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14242/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414242001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

78
oval/p10/ALT-PU-2024-14242/tests.json Normal file
View File

@ -0,0 +1,78 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414242001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-remoteobjects is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414242001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414242001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414242002",
"Version": "1",
"Check": "all",
"Comment": "qt5-remoteobjects is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414242002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414242001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414242003",
"Version": "1",
"Check": "all",
"Comment": "qt5-remoteobjects-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414242003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414242001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414242004",
"Version": "1",
"Check": "all",
"Comment": "qt5-remoteobjects-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414242004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414242001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414242005",
"Version": "1",
"Check": "all",
"Comment": "qt5-remoteobjects-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414242005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414242001"
}
}
]
}

271
oval/p10/ALT-PU-2024-14243/definitions.json Normal file
View File

@ -0,0 +1,271 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414243",
"Version": "oval:org.altlinux.errata:def:202414243",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14243: package `qt5-websockets` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14243",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14243",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-websockets to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414243001",
"Comment": "libqt5-websockets is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414243002",
"Comment": "qt5-websockets-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414243003",
"Comment": "qt5-websockets-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414243004",
"Comment": "qt5-websockets-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

52
oval/p10/ALT-PU-2024-14243/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414243001",
"Version": "1",
"Comment": "libqt5-websockets is installed",
"Name": "libqt5-websockets"
},
{
"ID": "oval:org.altlinux.errata:obj:202414243002",
"Version": "1",
"Comment": "qt5-websockets-common is installed",
"Name": "qt5-websockets-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414243003",
"Version": "1",
"Comment": "qt5-websockets-devel is installed",
"Name": "qt5-websockets-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414243004",
"Version": "1",
"Comment": "qt5-websockets-doc is installed",
"Name": "qt5-websockets-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14243/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414243001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-14243/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414243001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-websockets is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414243001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414243001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414243002",
"Version": "1",
"Check": "all",
"Comment": "qt5-websockets-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414243002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414243001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414243003",
"Version": "1",
"Check": "all",
"Comment": "qt5-websockets-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414243003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414243001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414243004",
"Version": "1",
"Check": "all",
"Comment": "qt5-websockets-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414243004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414243001"
}
}
]
}

275
oval/p10/ALT-PU-2024-14244/definitions.json Normal file
View File

@ -0,0 +1,275 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414244",
"Version": "oval:org.altlinux.errata:def:202414244",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14244: package `qt5-scxml` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14244",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14244",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-scxml to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414244001",
"Comment": "libqt5-scxml is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414244002",
"Comment": "qt5-scxml is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414244003",
"Comment": "qt5-scxml-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414244004",
"Comment": "qt5-scxml-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414244005",
"Comment": "qt5-scxml-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

58
oval/p10/ALT-PU-2024-14244/objects.json Normal file
View File

@ -0,0 +1,58 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414244001",
"Version": "1",
"Comment": "libqt5-scxml is installed",
"Name": "libqt5-scxml"
},
{
"ID": "oval:org.altlinux.errata:obj:202414244002",
"Version": "1",
"Comment": "qt5-scxml is installed",
"Name": "qt5-scxml"
},
{
"ID": "oval:org.altlinux.errata:obj:202414244003",
"Version": "1",
"Comment": "qt5-scxml-common is installed",
"Name": "qt5-scxml-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414244004",
"Version": "1",
"Comment": "qt5-scxml-devel is installed",
"Name": "qt5-scxml-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414244005",
"Version": "1",
"Comment": "qt5-scxml-doc is installed",
"Name": "qt5-scxml-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14244/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414244001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

78
oval/p10/ALT-PU-2024-14244/tests.json Normal file
View File

@ -0,0 +1,78 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414244001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-scxml is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414244001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414244001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414244002",
"Version": "1",
"Check": "all",
"Comment": "qt5-scxml is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414244002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414244001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414244003",
"Version": "1",
"Check": "all",
"Comment": "qt5-scxml-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414244003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414244001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414244004",
"Version": "1",
"Check": "all",
"Comment": "qt5-scxml-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414244004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414244001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414244005",
"Version": "1",
"Check": "all",
"Comment": "qt5-scxml-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414244005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414244001"
}
}
]
}

271
oval/p10/ALT-PU-2024-14245/definitions.json Normal file
View File

@ -0,0 +1,271 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414245",
"Version": "oval:org.altlinux.errata:def:202414245",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14245: package `qt5-networkauth` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14245",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14245",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-networkauth to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414245001",
"Comment": "libqt5-networkauth is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414245002",
"Comment": "qt5-networkauth-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414245003",
"Comment": "qt5-networkauth-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414245004",
"Comment": "qt5-networkauth-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

52
oval/p10/ALT-PU-2024-14245/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414245001",
"Version": "1",
"Comment": "libqt5-networkauth is installed",
"Name": "libqt5-networkauth"
},
{
"ID": "oval:org.altlinux.errata:obj:202414245002",
"Version": "1",
"Comment": "qt5-networkauth-common is installed",
"Name": "qt5-networkauth-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414245003",
"Version": "1",
"Comment": "qt5-networkauth-devel is installed",
"Name": "qt5-networkauth-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414245004",
"Version": "1",
"Comment": "qt5-networkauth-doc is installed",
"Name": "qt5-networkauth-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14245/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414245001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-14245/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414245001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-networkauth is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414245001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414245001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414245002",
"Version": "1",
"Check": "all",
"Comment": "qt5-networkauth-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414245002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414245001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414245003",
"Version": "1",
"Check": "all",
"Comment": "qt5-networkauth-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414245003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414245001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414245004",
"Version": "1",
"Check": "all",
"Comment": "qt5-networkauth-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414245004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414245001"
}
}
]
}

271
oval/p10/ALT-PU-2024-14246/definitions.json Normal file
View File

@ -0,0 +1,271 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414246",
"Version": "oval:org.altlinux.errata:def:202414246",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14246: package `qt5-multimedia` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14246",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14246",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-multimedia to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414246001",
"Comment": "libqt5-multimedia is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414246002",
"Comment": "qt5-multimedia-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414246003",
"Comment": "qt5-multimedia-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414246004",
"Comment": "qt5-multimedia-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

52
oval/p10/ALT-PU-2024-14246/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414246001",
"Version": "1",
"Comment": "libqt5-multimedia is installed",
"Name": "libqt5-multimedia"
},
{
"ID": "oval:org.altlinux.errata:obj:202414246002",
"Version": "1",
"Comment": "qt5-multimedia-common is installed",
"Name": "qt5-multimedia-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414246003",
"Version": "1",
"Comment": "qt5-multimedia-devel is installed",
"Name": "qt5-multimedia-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414246004",
"Version": "1",
"Comment": "qt5-multimedia-doc is installed",
"Name": "qt5-multimedia-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14246/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414246001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-14246/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414246001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-multimedia is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414246001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414246001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414246002",
"Version": "1",
"Check": "all",
"Comment": "qt5-multimedia-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414246002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414246001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414246003",
"Version": "1",
"Check": "all",
"Comment": "qt5-multimedia-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414246003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414246001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414246004",
"Version": "1",
"Check": "all",
"Comment": "qt5-multimedia-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414246004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414246001"
}
}
]
}

271
oval/p10/ALT-PU-2024-14247/definitions.json Normal file
View File

@ -0,0 +1,271 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414247",
"Version": "oval:org.altlinux.errata:def:202414247",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14247: package `qt5-script` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14247",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14247",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-script to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414247001",
"Comment": "libqt5-script is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414247002",
"Comment": "qt5-script-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414247003",
"Comment": "qt5-script-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414247004",
"Comment": "qt5-script-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

52
oval/p10/ALT-PU-2024-14247/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414247001",
"Version": "1",
"Comment": "libqt5-script is installed",
"Name": "libqt5-script"
},
{
"ID": "oval:org.altlinux.errata:obj:202414247002",
"Version": "1",
"Comment": "qt5-script-common is installed",
"Name": "qt5-script-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414247003",
"Version": "1",
"Comment": "qt5-script-devel is installed",
"Name": "qt5-script-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414247004",
"Version": "1",
"Comment": "qt5-script-doc is installed",
"Name": "qt5-script-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14247/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414247001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-14247/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414247001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-script is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414247001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414247001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414247002",
"Version": "1",
"Check": "all",
"Comment": "qt5-script-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414247002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414247001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414247003",
"Version": "1",
"Check": "all",
"Comment": "qt5-script-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414247003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414247001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414247004",
"Version": "1",
"Check": "all",
"Comment": "qt5-script-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414247004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414247001"
}
}
]
}

271
oval/p10/ALT-PU-2024-14248/definitions.json Normal file
View File

@ -0,0 +1,271 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414248",
"Version": "oval:org.altlinux.errata:def:202414248",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14248: package `qt5-x11extras` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14248",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14248",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-x11extras to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414248001",
"Comment": "libqt5-x11extras is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414248002",
"Comment": "qt5-x11extras-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414248003",
"Comment": "qt5-x11extras-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414248004",
"Comment": "qt5-x11extras-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

52
oval/p10/ALT-PU-2024-14248/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414248001",
"Version": "1",
"Comment": "libqt5-x11extras is installed",
"Name": "libqt5-x11extras"
},
{
"ID": "oval:org.altlinux.errata:obj:202414248002",
"Version": "1",
"Comment": "qt5-x11extras-common is installed",
"Name": "qt5-x11extras-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414248003",
"Version": "1",
"Comment": "qt5-x11extras-devel is installed",
"Name": "qt5-x11extras-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414248004",
"Version": "1",
"Comment": "qt5-x11extras-doc is installed",
"Name": "qt5-x11extras-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14248/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414248001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-14248/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414248001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-x11extras is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414248001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414248001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414248002",
"Version": "1",
"Check": "all",
"Comment": "qt5-x11extras-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414248002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414248001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414248003",
"Version": "1",
"Check": "all",
"Comment": "qt5-x11extras-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414248003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414248001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414248004",
"Version": "1",
"Check": "all",
"Comment": "qt5-x11extras-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414248004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414248001"
}
}
]
}

117
oval/p10/ALT-PU-2024-14249/definitions.json Normal file
View File

@ -0,0 +1,117 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414249",
"Version": "oval:org.altlinux.errata:def:202414249",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14249: package `qt5-webkit` update to version 5.212.0-alt26",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14249",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14249",
"Source": "ALTPU"
}
],
"Description": "This update upgrades qt5-webkit to version 5.212.0-alt26. \nSecurity Fix(es):\n\n * #46582: qt5-webkit: ошибка сборки на архитектуре LoongArch",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": null,
"Bugzilla": [
{
"ID": "46582",
"Href": "https://bugzilla.altlinux.org/46582",
"Data": "qt5-webkit: ошибка сборки на архитектуре LoongArch"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414249001",
"Comment": "libqt5-webkit is earlier than 0:5.212.0-alt26"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414249002",
"Comment": "libqt5-webkitwidgets is earlier than 0:5.212.0-alt26"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414249003",
"Comment": "qt5-webkit-common is earlier than 0:5.212.0-alt26"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414249004",
"Comment": "qt5-webkit-devel is earlier than 0:5.212.0-alt26"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414249005",
"Comment": "qt5-webkit-doc is earlier than 0:5.212.0-alt26"
}
]
}
]
}
}
]
}

58
oval/p10/ALT-PU-2024-14249/objects.json Normal file
View File

@ -0,0 +1,58 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414249001",
"Version": "1",
"Comment": "libqt5-webkit is installed",
"Name": "libqt5-webkit"
},
{
"ID": "oval:org.altlinux.errata:obj:202414249002",
"Version": "1",
"Comment": "libqt5-webkitwidgets is installed",
"Name": "libqt5-webkitwidgets"
},
{
"ID": "oval:org.altlinux.errata:obj:202414249003",
"Version": "1",
"Comment": "qt5-webkit-common is installed",
"Name": "qt5-webkit-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414249004",
"Version": "1",
"Comment": "qt5-webkit-devel is installed",
"Name": "qt5-webkit-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414249005",
"Version": "1",
"Comment": "qt5-webkit-doc is installed",
"Name": "qt5-webkit-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14249/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414249001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.212.0-alt26",
"Arch": {},
"EVR": {
"Text": "0:5.212.0-alt26",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

78
oval/p10/ALT-PU-2024-14249/tests.json Normal file
View File

@ -0,0 +1,78 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414249001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-webkit is earlier than 0:5.212.0-alt26",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414249001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414249001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414249002",
"Version": "1",
"Check": "all",
"Comment": "libqt5-webkitwidgets is earlier than 0:5.212.0-alt26",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414249002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414249001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414249003",
"Version": "1",
"Check": "all",
"Comment": "qt5-webkit-common is earlier than 0:5.212.0-alt26",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414249003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414249001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414249004",
"Version": "1",
"Check": "all",
"Comment": "qt5-webkit-devel is earlier than 0:5.212.0-alt26",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414249004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414249001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414249005",
"Version": "1",
"Check": "all",
"Comment": "qt5-webkit-doc is earlier than 0:5.212.0-alt26",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414249005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414249001"
}
}
]
}

451
oval/p10/ALT-PU-2024-14250/definitions.json Normal file
View File

File diff suppressed because one or more lines are too long

184
oval/p10/ALT-PU-2024-14250/objects.json Normal file
View File

@ -0,0 +1,184 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414250001",
"Version": "1",
"Comment": "libqt5-concurrent is installed",
"Name": "libqt5-concurrent"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250002",
"Version": "1",
"Comment": "libqt5-core is installed",
"Name": "libqt5-core"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250003",
"Version": "1",
"Comment": "libqt5-dbus is installed",
"Name": "libqt5-dbus"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250004",
"Version": "1",
"Comment": "libqt5-eglfsdeviceintegration is installed",
"Name": "libqt5-eglfsdeviceintegration"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250005",
"Version": "1",
"Comment": "libqt5-eglfskmssupport is installed",
"Name": "libqt5-eglfskmssupport"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250006",
"Version": "1",
"Comment": "libqt5-gui is installed",
"Name": "libqt5-gui"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250007",
"Version": "1",
"Comment": "libqt5-network is installed",
"Name": "libqt5-network"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250008",
"Version": "1",
"Comment": "libqt5-opengl is installed",
"Name": "libqt5-opengl"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250009",
"Version": "1",
"Comment": "libqt5-printsupport is installed",
"Name": "libqt5-printsupport"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250010",
"Version": "1",
"Comment": "libqt5-sql is installed",
"Name": "libqt5-sql"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250011",
"Version": "1",
"Comment": "libqt5-test is installed",
"Name": "libqt5-test"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250012",
"Version": "1",
"Comment": "libqt5-widgets is installed",
"Name": "libqt5-widgets"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250013",
"Version": "1",
"Comment": "libqt5-xcbqpa is installed",
"Name": "libqt5-xcbqpa"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250014",
"Version": "1",
"Comment": "libqt5-xml is installed",
"Name": "libqt5-xml"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250015",
"Version": "1",
"Comment": "qt5-base-common is installed",
"Name": "qt5-base-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250016",
"Version": "1",
"Comment": "qt5-base-devel is installed",
"Name": "qt5-base-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250017",
"Version": "1",
"Comment": "qt5-base-devel-static is installed",
"Name": "qt5-base-devel-static"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250018",
"Version": "1",
"Comment": "qt5-base-doc is installed",
"Name": "qt5-base-doc"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250019",
"Version": "1",
"Comment": "qt5-qtbase is installed",
"Name": "qt5-qtbase"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250020",
"Version": "1",
"Comment": "qt5-qtbase-gui is installed",
"Name": "qt5-qtbase-gui"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250021",
"Version": "1",
"Comment": "qt5-sql is installed",
"Name": "qt5-sql"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250022",
"Version": "1",
"Comment": "qt5-sql-interbase is installed",
"Name": "qt5-sql-interbase"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250023",
"Version": "1",
"Comment": "qt5-sql-mysql is installed",
"Name": "qt5-sql-mysql"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250024",
"Version": "1",
"Comment": "qt5-sql-odbc is installed",
"Name": "qt5-sql-odbc"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250025",
"Version": "1",
"Comment": "qt5-sql-postgresql is installed",
"Name": "qt5-sql-postgresql"
},
{
"ID": "oval:org.altlinux.errata:obj:202414250026",
"Version": "1",
"Comment": "rpm-macros-qt5 is installed",
"Name": "rpm-macros-qt5"
}
]
}

23
oval/p10/ALT-PU-2024-14250/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414250001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

330
oval/p10/ALT-PU-2024-14250/tests.json Normal file
View File

@ -0,0 +1,330 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414250001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-concurrent is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250002",
"Version": "1",
"Check": "all",
"Comment": "libqt5-core is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250003",
"Version": "1",
"Check": "all",
"Comment": "libqt5-dbus is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250004",
"Version": "1",
"Check": "all",
"Comment": "libqt5-eglfsdeviceintegration is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250005",
"Version": "1",
"Check": "all",
"Comment": "libqt5-eglfskmssupport is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250006",
"Version": "1",
"Check": "all",
"Comment": "libqt5-gui is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250007",
"Version": "1",
"Check": "all",
"Comment": "libqt5-network is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250008",
"Version": "1",
"Check": "all",
"Comment": "libqt5-opengl is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250009",
"Version": "1",
"Check": "all",
"Comment": "libqt5-printsupport is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250010",
"Version": "1",
"Check": "all",
"Comment": "libqt5-sql is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250011",
"Version": "1",
"Check": "all",
"Comment": "libqt5-test is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250012",
"Version": "1",
"Check": "all",
"Comment": "libqt5-widgets is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250012"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250013",
"Version": "1",
"Check": "all",
"Comment": "libqt5-xcbqpa is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250013"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250014",
"Version": "1",
"Check": "all",
"Comment": "libqt5-xml is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250014"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250015",
"Version": "1",
"Check": "all",
"Comment": "qt5-base-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250015"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250016",
"Version": "1",
"Check": "all",
"Comment": "qt5-base-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250016"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250017",
"Version": "1",
"Check": "all",
"Comment": "qt5-base-devel-static is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250017"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250018",
"Version": "1",
"Check": "all",
"Comment": "qt5-base-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250018"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250019",
"Version": "1",
"Check": "all",
"Comment": "qt5-qtbase is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250019"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250020",
"Version": "1",
"Check": "all",
"Comment": "qt5-qtbase-gui is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250020"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250021",
"Version": "1",
"Check": "all",
"Comment": "qt5-sql is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250021"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250022",
"Version": "1",
"Check": "all",
"Comment": "qt5-sql-interbase is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250022"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250023",
"Version": "1",
"Check": "all",
"Comment": "qt5-sql-mysql is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250023"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250024",
"Version": "1",
"Check": "all",
"Comment": "qt5-sql-odbc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250024"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250025",
"Version": "1",
"Check": "all",
"Comment": "qt5-sql-postgresql is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250025"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414250026",
"Version": "1",
"Check": "all",
"Comment": "rpm-macros-qt5 is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414250026"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414250001"
}
}
]
}

271
oval/p10/ALT-PU-2024-14251/definitions.json Normal file
View File

@ -0,0 +1,271 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414251",
"Version": "oval:org.altlinux.errata:def:202414251",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14251: package `qt5-xmlpatterns` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14251",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14251",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-xmlpatterns to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414251001",
"Comment": "libqt5-xmlpatterns is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414251002",
"Comment": "qt5-xmlpatterns-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414251003",
"Comment": "qt5-xmlpatterns-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414251004",
"Comment": "qt5-xmlpatterns-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

52
oval/p10/ALT-PU-2024-14251/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414251001",
"Version": "1",
"Comment": "libqt5-xmlpatterns is installed",
"Name": "libqt5-xmlpatterns"
},
{
"ID": "oval:org.altlinux.errata:obj:202414251002",
"Version": "1",
"Comment": "qt5-xmlpatterns-common is installed",
"Name": "qt5-xmlpatterns-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414251003",
"Version": "1",
"Comment": "qt5-xmlpatterns-devel is installed",
"Name": "qt5-xmlpatterns-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414251004",
"Version": "1",
"Comment": "qt5-xmlpatterns-doc is installed",
"Name": "qt5-xmlpatterns-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14251/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414251001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-14251/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414251001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-xmlpatterns is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414251001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414251001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414251002",
"Version": "1",
"Check": "all",
"Comment": "qt5-xmlpatterns-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414251002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414251001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414251003",
"Version": "1",
"Check": "all",
"Comment": "qt5-xmlpatterns-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414251003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414251001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414251004",
"Version": "1",
"Check": "all",
"Comment": "qt5-xmlpatterns-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414251004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414251001"
}
}
]
}

299
oval/p10/ALT-PU-2024-14252/definitions.json Normal file
View File

@ -0,0 +1,299 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414252",
"Version": "oval:org.altlinux.errata:def:202414252",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14252: package `qt5-tools` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14252",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14252",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-tools to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414252001",
"Comment": "libqt5-designer is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414252002",
"Comment": "libqt5-designercomponents is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414252003",
"Comment": "libqt5-help is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414252004",
"Comment": "qt5-assistant is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414252005",
"Comment": "qt5-dbus is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414252006",
"Comment": "qt5-designer is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414252007",
"Comment": "qt5-tools is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414252008",
"Comment": "qt5-tools-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414252009",
"Comment": "qt5-tools-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414252010",
"Comment": "qt5-tools-devel-static is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414252011",
"Comment": "qt5-tools-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

94
oval/p10/ALT-PU-2024-14252/objects.json Normal file
View File

@ -0,0 +1,94 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414252001",
"Version": "1",
"Comment": "libqt5-designer is installed",
"Name": "libqt5-designer"
},
{
"ID": "oval:org.altlinux.errata:obj:202414252002",
"Version": "1",
"Comment": "libqt5-designercomponents is installed",
"Name": "libqt5-designercomponents"
},
{
"ID": "oval:org.altlinux.errata:obj:202414252003",
"Version": "1",
"Comment": "libqt5-help is installed",
"Name": "libqt5-help"
},
{
"ID": "oval:org.altlinux.errata:obj:202414252004",
"Version": "1",
"Comment": "qt5-assistant is installed",
"Name": "qt5-assistant"
},
{
"ID": "oval:org.altlinux.errata:obj:202414252005",
"Version": "1",
"Comment": "qt5-dbus is installed",
"Name": "qt5-dbus"
},
{
"ID": "oval:org.altlinux.errata:obj:202414252006",
"Version": "1",
"Comment": "qt5-designer is installed",
"Name": "qt5-designer"
},
{
"ID": "oval:org.altlinux.errata:obj:202414252007",
"Version": "1",
"Comment": "qt5-tools is installed",
"Name": "qt5-tools"
},
{
"ID": "oval:org.altlinux.errata:obj:202414252008",
"Version": "1",
"Comment": "qt5-tools-common is installed",
"Name": "qt5-tools-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414252009",
"Version": "1",
"Comment": "qt5-tools-devel is installed",
"Name": "qt5-tools-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414252010",
"Version": "1",
"Comment": "qt5-tools-devel-static is installed",
"Name": "qt5-tools-devel-static"
},
{
"ID": "oval:org.altlinux.errata:obj:202414252011",
"Version": "1",
"Comment": "qt5-tools-doc is installed",
"Name": "qt5-tools-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14252/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414252001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

150
oval/p10/ALT-PU-2024-14252/tests.json Normal file
View File

@ -0,0 +1,150 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414252001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-designer is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414252001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414252001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414252002",
"Version": "1",
"Check": "all",
"Comment": "libqt5-designercomponents is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414252002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414252001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414252003",
"Version": "1",
"Check": "all",
"Comment": "libqt5-help is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414252003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414252001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414252004",
"Version": "1",
"Check": "all",
"Comment": "qt5-assistant is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414252004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414252001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414252005",
"Version": "1",
"Check": "all",
"Comment": "qt5-dbus is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414252005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414252001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414252006",
"Version": "1",
"Check": "all",
"Comment": "qt5-designer is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414252006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414252001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414252007",
"Version": "1",
"Check": "all",
"Comment": "qt5-tools is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414252007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414252001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414252008",
"Version": "1",
"Check": "all",
"Comment": "qt5-tools-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414252008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414252001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414252009",
"Version": "1",
"Check": "all",
"Comment": "qt5-tools-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414252009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414252001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414252010",
"Version": "1",
"Check": "all",
"Comment": "qt5-tools-devel-static is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414252010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414252001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414252011",
"Version": "1",
"Check": "all",
"Comment": "qt5-tools-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414252011"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414252001"
}
}
]
}

271
oval/p10/ALT-PU-2024-14253/definitions.json Normal file
View File

@ -0,0 +1,271 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414253",
"Version": "oval:org.altlinux.errata:def:202414253",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14253: package `qt5-serialport` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14253",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14253",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-serialport to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414253001",
"Comment": "libqt5-serialport is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414253002",
"Comment": "qt5-serialport-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414253003",
"Comment": "qt5-serialport-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414253004",
"Comment": "qt5-serialport-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

52
oval/p10/ALT-PU-2024-14253/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414253001",
"Version": "1",
"Comment": "libqt5-serialport is installed",
"Name": "libqt5-serialport"
},
{
"ID": "oval:org.altlinux.errata:obj:202414253002",
"Version": "1",
"Comment": "qt5-serialport-common is installed",
"Name": "qt5-serialport-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414253003",
"Version": "1",
"Comment": "qt5-serialport-devel is installed",
"Name": "qt5-serialport-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414253004",
"Version": "1",
"Comment": "qt5-serialport-doc is installed",
"Name": "qt5-serialport-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14253/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414253001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-14253/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414253001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-serialport is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414253001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414253001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414253002",
"Version": "1",
"Check": "all",
"Comment": "qt5-serialport-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414253002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414253001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414253003",
"Version": "1",
"Check": "all",
"Comment": "qt5-serialport-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414253003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414253001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414253004",
"Version": "1",
"Check": "all",
"Comment": "qt5-serialport-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414253004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414253001"
}
}
]
}

279
oval/p10/ALT-PU-2024-14254/definitions.json Normal file
View File

@ -0,0 +1,279 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414254",
"Version": "oval:org.altlinux.errata:def:202414254",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14254: package `qt5-location` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14254",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14254",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-location to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414254001",
"Comment": "libqt5-location is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414254002",
"Comment": "libqt5-positioning is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414254003",
"Comment": "libqt5-positioningquick is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414254004",
"Comment": "qt5-location-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414254005",
"Comment": "qt5-location-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414254006",
"Comment": "qt5-location-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

64
oval/p10/ALT-PU-2024-14254/objects.json Normal file
View File

@ -0,0 +1,64 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414254001",
"Version": "1",
"Comment": "libqt5-location is installed",
"Name": "libqt5-location"
},
{
"ID": "oval:org.altlinux.errata:obj:202414254002",
"Version": "1",
"Comment": "libqt5-positioning is installed",
"Name": "libqt5-positioning"
},
{
"ID": "oval:org.altlinux.errata:obj:202414254003",
"Version": "1",
"Comment": "libqt5-positioningquick is installed",
"Name": "libqt5-positioningquick"
},
{
"ID": "oval:org.altlinux.errata:obj:202414254004",
"Version": "1",
"Comment": "qt5-location-common is installed",
"Name": "qt5-location-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414254005",
"Version": "1",
"Comment": "qt5-location-devel is installed",
"Name": "qt5-location-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414254006",
"Version": "1",
"Comment": "qt5-location-doc is installed",
"Name": "qt5-location-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14254/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414254001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

90
oval/p10/ALT-PU-2024-14254/tests.json Normal file
View File

@ -0,0 +1,90 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414254001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-location is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414254001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414254001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414254002",
"Version": "1",
"Check": "all",
"Comment": "libqt5-positioning is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414254002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414254001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414254003",
"Version": "1",
"Check": "all",
"Comment": "libqt5-positioningquick is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414254003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414254001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414254004",
"Version": "1",
"Check": "all",
"Comment": "qt5-location-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414254004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414254001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414254005",
"Version": "1",
"Check": "all",
"Comment": "qt5-location-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414254005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414254001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414254006",
"Version": "1",
"Check": "all",
"Comment": "qt5-location-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414254006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414254001"
}
}
]
}

271
oval/p10/ALT-PU-2024-14255/definitions.json Normal file
View File

@ -0,0 +1,271 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414255",
"Version": "oval:org.altlinux.errata:def:202414255",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14255: package `qt5-sensors` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14255",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14255",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-sensors to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414255001",
"Comment": "libqt5-sensors is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414255002",
"Comment": "qt5-sensors-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414255003",
"Comment": "qt5-sensors-devel is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414255004",
"Comment": "qt5-sensors-doc is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

52
oval/p10/ALT-PU-2024-14255/objects.json Normal file
View File

@ -0,0 +1,52 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414255001",
"Version": "1",
"Comment": "libqt5-sensors is installed",
"Name": "libqt5-sensors"
},
{
"ID": "oval:org.altlinux.errata:obj:202414255002",
"Version": "1",
"Comment": "qt5-sensors-common is installed",
"Name": "qt5-sensors-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414255003",
"Version": "1",
"Comment": "qt5-sensors-devel is installed",
"Name": "qt5-sensors-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:202414255004",
"Version": "1",
"Comment": "qt5-sensors-doc is installed",
"Name": "qt5-sensors-doc"
}
]
}

23
oval/p10/ALT-PU-2024-14255/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414255001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

66
oval/p10/ALT-PU-2024-14255/tests.json Normal file
View File

@ -0,0 +1,66 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414255001",
"Version": "1",
"Check": "all",
"Comment": "libqt5-sensors is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414255001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414255001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414255002",
"Version": "1",
"Check": "all",
"Comment": "qt5-sensors-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414255002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414255001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414255003",
"Version": "1",
"Check": "all",
"Comment": "qt5-sensors-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414255003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414255001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414255004",
"Version": "1",
"Check": "all",
"Comment": "qt5-sensors-doc is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414255004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414255001"
}
}
]
}

267
oval/p10/ALT-PU-2024-14256/definitions.json Normal file
View File

@ -0,0 +1,267 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202414256",
"Version": "oval:org.altlinux.errata:def:202414256",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-14256: package `qt5-webglplugin` update to version 5.15.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-14256",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14256",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-03689",
"RefURL": "https://bdu.fstec.ru/vul/2023-03689",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03802",
"RefURL": "https://bdu.fstec.ru/vul/2023-03802",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03803",
"RefURL": "https://bdu.fstec.ru/vul/2023-03803",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05105",
"RefURL": "https://bdu.fstec.ru/vul/2023-05105",
"Source": "BDU"
},
{
"RefID": "BDU:2023-05106",
"RefURL": "https://bdu.fstec.ru/vul/2023-05106",
"Source": "BDU"
},
{
"RefID": "BDU:2023-09121",
"RefURL": "https://bdu.fstec.ru/vul/2023-09121",
"Source": "BDU"
},
{
"RefID": "CVE-2023-32573",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32762",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Source": "CVE"
},
{
"RefID": "CVE-2023-32763",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Source": "CVE"
},
{
"RefID": "CVE-2023-34410",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Source": "CVE"
},
{
"RefID": "CVE-2023-37369",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Source": "CVE"
},
{
"RefID": "CVE-2023-38197",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Source": "CVE"
}
],
"Description": "This update upgrades qt5-webglplugin to version 5.15.15-alt1. \nSecurity Fix(es):\n\n * BDU:2023-03689: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2023-03802: Уязвимость компонента QTextLayout кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03803: Уязвимость кроссплатформенного фреймворка для разработки программного обеспечения Qt, связанная с передачей защищаемой информации в незашифрованном виде, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2023-05105: Уязвимость функции QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-05106: Уязвимость функции QSvgFont (Qt SVG) кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-09121: Уязвимость функции fastScanName() класса QXmlStreamReader кроссплатформенного фреймворка для разработки программного обеспечения Qt, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-32573: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.\n\n * CVE-2023-32762: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.\n\n * CVE-2023-32763: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.\n\n * CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.\n\n * CVE-2023-37369: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.\n\n * CVE-2023-38197: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-11-02"
},
"Updated": {
"Date": "2024-11-02"
},
"BDUs": [
{
"ID": "BDU:2023-03689",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://bdu.fstec.ru/vul/2023-03689",
"Impact": "Low",
"Public": "20230604"
},
{
"ID": "BDU:2023-03802",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-03802",
"Impact": "High",
"Public": "20230522"
},
{
"ID": "BDU:2023-03803",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-319",
"Href": "https://bdu.fstec.ru/vul/2023-03803",
"Impact": "Low",
"Public": "20230508"
},
{
"ID": "BDU:2023-05105",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2023-05105",
"Impact": "High",
"Public": "20230712"
},
{
"ID": "BDU:2023-05106",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2023-05106",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "BDU:2023-09121",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2023-09121",
"Impact": "High",
"Public": "20230628"
}
],
"CVEs": [
{
"ID": "CVE-2023-32573",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32573",
"Impact": "Low",
"Public": "20230510"
},
{
"ID": "CVE-2023-32762",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32762",
"Impact": "Low",
"Public": "20230528"
},
{
"ID": "CVE-2023-32763",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-32763",
"Impact": "High",
"Public": "20230528"
},
{
"ID": "CVE-2023-34410",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-295",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-34410",
"Impact": "Low",
"Public": "20230605"
},
{
"ID": "CVE-2023-37369",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-37369",
"Impact": "High",
"Public": "20230820"
},
{
"ID": "CVE-2023-38197",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-38197",
"Impact": "High",
"Public": "20230713"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202414256001",
"Comment": "qt5-webglplugin is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414256002",
"Comment": "qt5-webglplugin-common is earlier than 0:5.15.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202414256003",
"Comment": "qt5-webglplugin-devel is earlier than 0:5.15.15-alt1"
}
]
}
]
}
}
]
}

46
oval/p10/ALT-PU-2024-14256/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:202414256001",
"Version": "1",
"Comment": "qt5-webglplugin is installed",
"Name": "qt5-webglplugin"
},
{
"ID": "oval:org.altlinux.errata:obj:202414256002",
"Version": "1",
"Comment": "qt5-webglplugin-common is installed",
"Name": "qt5-webglplugin-common"
},
{
"ID": "oval:org.altlinux.errata:obj:202414256003",
"Version": "1",
"Comment": "qt5-webglplugin-devel is installed",
"Name": "qt5-webglplugin-devel"
}
]
}

23
oval/p10/ALT-PU-2024-14256/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:202414256001",
"Version": "1",
"Comment": "package EVR is earlier than 0:5.15.15-alt1",
"Arch": {},
"EVR": {
"Text": "0:5.15.15-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/p10/ALT-PU-2024-14256/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:202414256001",
"Version": "1",
"Check": "all",
"Comment": "qt5-webglplugin is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414256001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414256001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414256002",
"Version": "1",
"Check": "all",
"Comment": "qt5-webglplugin-common is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414256002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414256001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:202414256003",
"Version": "1",
"Check": "all",
"Comment": "qt5-webglplugin-devel is earlier than 0:5.15.15-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:202414256003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:202414256001"
}
}
]
}

Some files were not shown because too many files have changed in this diff Show More