pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2025-02-27 06:04:57 +00:00
parent 9557e468f7
commit e0122adcd0
18 changed files with 925 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oval/p10/ALT-PU-2024-17586/definitions.json
View File

@ -60,7 +60,7 @@
"CWE": "CWE-399",
"Href": "https://bdu.fstec.ru/vul/2024-09841",
"Impact": "Low",
"Public": "20240501"
"Public": "20240306"
}
],
"CVEs": [

34
oval/p10/ALT-PU-2024-7511/definitions.json
View File

@ -686,7 +686,7 @@
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2024-09403",
"Impact": "High",
"Public": "20240501"
"Public": "20240217"
},
{
"ID": "BDU:2024-09409",
@ -695,7 +695,7 @@
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-09409",
"Impact": "Low",
"Public": "20240501"
"Public": "20240302"
},
{
"ID": "BDU:2024-09410",
@ -704,7 +704,7 @@
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-09410",
"Impact": "Low",
"Public": "20240501"
"Public": "20240302"
},
{
"ID": "BDU:2024-09723",
@ -713,7 +713,7 @@
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2024-09723",
"Impact": "Low",
"Public": "20240501"
"Public": "20240311"
},
{
"ID": "BDU:2024-09725",
@ -722,7 +722,7 @@
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2024-09725",
"Impact": "Low",
"Public": "20240501"
"Public": "20231214"
},
{
"ID": "BDU:2024-09726",
@ -731,7 +731,7 @@
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2024-09726",
"Impact": "Low",
"Public": "20240501"
"Public": "20240125"
},
{
"ID": "BDU:2024-09728",
@ -740,7 +740,7 @@
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2024-09728",
"Impact": "Low",
"Public": "20240501"
"Public": "20240129"
},
{
"ID": "BDU:2024-09731",
@ -749,7 +749,7 @@
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2024-09731",
"Impact": "Low",
"Public": "20240501"
"Public": "20240308"
},
{
"ID": "BDU:2024-09757",
@ -758,7 +758,7 @@
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2024-09757",
"Impact": "Low",
"Public": "20240501"
"Public": "20240320"
},
{
"ID": "BDU:2024-09758",
@ -767,7 +767,7 @@
"CWE": "CWE-388",
"Href": "https://bdu.fstec.ru/vul/2024-09758",
"Impact": "Low",
"Public": "20240501"
"Public": "20240218"
},
{
"ID": "BDU:2024-09845",
@ -776,7 +776,7 @@
"CWE": "CWE-401",
"Href": "https://bdu.fstec.ru/vul/2024-09845",
"Impact": "Low",
"Public": "20240501"
"Public": "20240205"
},
{
"ID": "BDU:2024-09846",
@ -785,7 +785,7 @@
"CWE": "CWE-401",
"Href": "https://bdu.fstec.ru/vul/2024-09846",
"Impact": "Low",
"Public": "20240501"
"Public": "20240205"
},
{
"ID": "BDU:2024-09847",
@ -794,7 +794,7 @@
"CWE": "CWE-401",
"Href": "https://bdu.fstec.ru/vul/2024-09847",
"Impact": "Low",
"Public": "20240501"
"Public": "20240216"
},
{
"ID": "BDU:2024-09848",
@ -803,7 +803,7 @@
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2024-09848",
"Impact": "Low",
"Public": "20240501"
"Public": "20240123"
},
{
"ID": "BDU:2024-09849",
@ -812,7 +812,7 @@
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2024-09849",
"Impact": "Low",
"Public": "20240501"
"Public": "20240308"
},
{
"ID": "BDU:2024-09851",
@ -821,7 +821,7 @@
"CWE": "CWE-401",
"Href": "https://bdu.fstec.ru/vul/2024-09851",
"Impact": "Low",
"Public": "20240501"
"Public": "20240228"
},
{
"ID": "BDU:2024-09866",
@ -830,7 +830,7 @@
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2024-09866",
"Impact": "Low",
"Public": "20240501"
"Public": "20240416"
}
],
"CVEs": [

2
oval/p10/ALT-PU-2024-8916/definitions.json
View File

@ -41,7 +41,7 @@
"Source": "CVE"
}
],
"Description": "This update upgrades libcap to version 2.69-alt1. \nSecurity Fix(es):\n\n * BDU:2024-02623: Уязвимость функции _libcap_strdup() пакета Libcap, позволяющая нарушителю выполнить произвольные PHP-файлы на сервере\n\n * CVE-2023-2603: A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.",
"Description": "This update upgrades libcap to version 2.69-alt1. \nSecurity Fix(es):\n\n * BDU:2024-02623: Уязвимость функции _libcap_strdup() библиотеки Libcap, позволяющая нарушителю выполнить произвольные PHP-файлы на сервере\n\n * CVE-2023-2603: A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",

2
oval/p11/ALT-PU-2024-17893/definitions.json
View File

@ -523,7 +523,7 @@
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2024-09855",
"Impact": "Low",
"Public": "20240501"
"Public": "20240302"
},
{
"ID": "BDU:2025-00138",

109
oval/p11/ALT-PU-2025-3314/definitions.json Normal file
View File

@ -0,0 +1,109 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20253314",
"Version": "oval:org.altlinux.errata:def:20253314",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2025-3314: package `gnutls30` update to version 3.8.9-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2025-3314",
"RefURL": "https://errata.altlinux.org/ALT-PU-2025-3314",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-12243",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-12243",
"Source": "CVE"
}
],
"Description": "This update upgrades gnutls30 to version 3.8.9-alt1. \nSecurity Fix(es):\n\n * CVE-2024-12243: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2025-02-26"
},
"Updated": {
"Date": "2025-02-26"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2024-12243",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-12243",
"Impact": "None",
"Public": "20250210"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20253314001",
"Comment": "gnutls-utils is earlier than 0:3.8.9-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253314002",
"Comment": "gnutls30-devel-doc is earlier than 0:3.8.9-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253314003",
"Comment": "libgnutls-devel is earlier than 0:3.8.9-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253314004",
"Comment": "libgnutls-openssl-devel is earlier than 0:3.8.9-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253314005",
"Comment": "libgnutls27-openssl is earlier than 0:3.8.9-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253314006",
"Comment": "libgnutls30 is earlier than 0:3.8.9-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253314007",
"Comment": "libgnutlsxx-devel is earlier than 0:3.8.9-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253314008",
"Comment": "libgnutlsxx30 is earlier than 0:3.8.9-alt1"
}
]
}
]
}
}
]
}

76
oval/p11/ALT-PU-2025-3314/objects.json Normal file
View File

@ -0,0 +1,76 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20253314001",
"Version": "1",
"Comment": "gnutls-utils is installed",
"Name": "gnutls-utils"
},
{
"ID": "oval:org.altlinux.errata:obj:20253314002",
"Version": "1",
"Comment": "gnutls30-devel-doc is installed",
"Name": "gnutls30-devel-doc"
},
{
"ID": "oval:org.altlinux.errata:obj:20253314003",
"Version": "1",
"Comment": "libgnutls-devel is installed",
"Name": "libgnutls-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20253314004",
"Version": "1",
"Comment": "libgnutls-openssl-devel is installed",
"Name": "libgnutls-openssl-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20253314005",
"Version": "1",
"Comment": "libgnutls27-openssl is installed",
"Name": "libgnutls27-openssl"
},
{
"ID": "oval:org.altlinux.errata:obj:20253314006",
"Version": "1",
"Comment": "libgnutls30 is installed",
"Name": "libgnutls30"
},
{
"ID": "oval:org.altlinux.errata:obj:20253314007",
"Version": "1",
"Comment": "libgnutlsxx-devel is installed",
"Name": "libgnutlsxx-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20253314008",
"Version": "1",
"Comment": "libgnutlsxx30 is installed",
"Name": "libgnutlsxx30"
}
]
}

23
oval/p11/ALT-PU-2025-3314/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20253314001",
"Version": "1",
"Comment": "package EVR is earlier than 0:3.8.9-alt1",
"Arch": {},
"EVR": {
"Text": "0:3.8.9-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

114
oval/p11/ALT-PU-2025-3314/tests.json Normal file
View File

@ -0,0 +1,114 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p11' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20253314001",
"Version": "1",
"Check": "all",
"Comment": "gnutls-utils is earlier than 0:3.8.9-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253314001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253314001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253314002",
"Version": "1",
"Check": "all",
"Comment": "gnutls30-devel-doc is earlier than 0:3.8.9-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253314002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253314001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253314003",
"Version": "1",
"Check": "all",
"Comment": "libgnutls-devel is earlier than 0:3.8.9-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253314003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253314001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253314004",
"Version": "1",
"Check": "all",
"Comment": "libgnutls-openssl-devel is earlier than 0:3.8.9-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253314004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253314001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253314005",
"Version": "1",
"Check": "all",
"Comment": "libgnutls27-openssl is earlier than 0:3.8.9-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253314005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253314001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253314006",
"Version": "1",
"Check": "all",
"Comment": "libgnutls30 is earlier than 0:3.8.9-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253314006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253314001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253314007",
"Version": "1",
"Check": "all",
"Comment": "libgnutlsxx-devel is earlier than 0:3.8.9-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253314007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253314001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253314008",
"Version": "1",
"Check": "all",
"Comment": "libgnutlsxx30 is earlier than 0:3.8.9-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253314008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253314001"
}
}
]
}

90
oval/p11/ALT-PU-2025-3353/definitions.json Normal file
View File

@ -0,0 +1,90 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20253353",
"Version": "oval:org.altlinux.errata:def:20253353",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2025-3353: package `exiv2` update to version 0.28.5-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2025-3353",
"RefURL": "https://errata.altlinux.org/ALT-PU-2025-3353",
"Source": "ALTPU"
},
{
"RefID": "CVE-2025-26623",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2025-26623",
"Source": "CVE"
}
],
"Description": "This update upgrades exiv2 to version 0.28.5-alt1. \nSecurity Fix(es):\n\n * CVE-2025-26623: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`. The bug is fixed in version v0.28.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2025-02-26"
},
"Updated": {
"Date": "2025-02-26"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2025-26623",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2025-26623",
"Impact": "None",
"Public": "20250218"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20253353001",
"Comment": "exiv2 is earlier than 0:0.28.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253353002",
"Comment": "libexiv2 is earlier than 0:0.28.5-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253353003",
"Comment": "libexiv2-devel is earlier than 0:0.28.5-alt1"
}
]
}
]
}
}
]
}

46
oval/p11/ALT-PU-2025-3353/objects.json Normal file
View File

@ -0,0 +1,46 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20253353001",
"Version": "1",
"Comment": "exiv2 is installed",
"Name": "exiv2"
},
{
"ID": "oval:org.altlinux.errata:obj:20253353002",
"Version": "1",
"Comment": "libexiv2 is installed",
"Name": "libexiv2"
},
{
"ID": "oval:org.altlinux.errata:obj:20253353003",
"Version": "1",
"Comment": "libexiv2-devel is installed",
"Name": "libexiv2-devel"
}
]
}

23
oval/p11/ALT-PU-2025-3353/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20253353001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.28.5-alt1",
"Arch": {},
"EVR": {
"Text": "0:0.28.5-alt1",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

54
oval/p11/ALT-PU-2025-3353/tests.json Normal file
View File

@ -0,0 +1,54 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p11' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20253353001",
"Version": "1",
"Check": "all",
"Comment": "exiv2 is earlier than 0:0.28.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253353001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253353001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253353002",
"Version": "1",
"Check": "all",
"Comment": "libexiv2 is earlier than 0:0.28.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253353002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253353001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253353003",
"Version": "1",
"Check": "all",
"Comment": "libexiv2-devel is earlier than 0:0.28.5-alt1",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253353003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253353001"
}
}
]
}

127
oval/p11/ALT-PU-2025-3459/definitions.json Normal file
View File

@ -0,0 +1,127 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20253459",
"Version": "oval:org.altlinux.errata:def:20253459",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2025-3459: package `packagekit` update to version 1.3.0-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2025-3459",
"RefURL": "https://errata.altlinux.org/ALT-PU-2025-3459",
"Source": "ALTPU"
},
{
"RefID": "CVE-2024-0217",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-0217",
"Source": "CVE"
}
],
"Description": "This update upgrades packagekit to version 1.3.0-alt2. \nSecurity Fix(es):\n\n * CVE-2024-0217: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.\n\n * #53144: Ошибка сегментирования при установке/удалении пакета через pkcon\n\n * #53178: pkmon: finalized without ever returning",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2025-02-26"
},
"Updated": {
"Date": "2025-02-26"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2024-0217",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-0217",
"Impact": "Low",
"Public": "20240103"
}
],
"Bugzilla": [
{
"ID": "53144",
"Href": "https://bugzilla.altlinux.org/53144",
"Data": "Ошибка сегментирования при установке/удалении пакета через pkcon"
},
{
"ID": "53178",
"Href": "https://bugzilla.altlinux.org/53178",
"Data": "pkmon: finalized without ever returning"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20253459001",
"Comment": "libpackagekit-glib is earlier than 0:1.3.0-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253459002",
"Comment": "libpackagekit-glib-devel is earlier than 0:1.3.0-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253459003",
"Comment": "libpackagekit-gtk3-module is earlier than 0:1.3.0-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253459004",
"Comment": "packagekit is earlier than 0:1.3.0-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253459005",
"Comment": "packagekit-checkinstall is earlier than 0:1.3.0-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253459006",
"Comment": "packagekit-command-not-found is earlier than 0:1.3.0-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253459007",
"Comment": "packagekit-cron is earlier than 0:1.3.0-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253459008",
"Comment": "packagekit-gstreamer-plugin is earlier than 0:1.3.0-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20253459009",
"Comment": "python3-module-packagekit is earlier than 0:1.3.0-alt2"
}
]
}
]
}
}
]
}

82
oval/p11/ALT-PU-2025-3459/objects.json Normal file
View File

@ -0,0 +1,82 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:3001",
"Version": "1",
"Comment": "Evaluate `/etc/os-release` file content",
"Path": {
"Datatype": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RPMInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20253459001",
"Version": "1",
"Comment": "libpackagekit-glib is installed",
"Name": "libpackagekit-glib"
},
{
"ID": "oval:org.altlinux.errata:obj:20253459002",
"Version": "1",
"Comment": "libpackagekit-glib-devel is installed",
"Name": "libpackagekit-glib-devel"
},
{
"ID": "oval:org.altlinux.errata:obj:20253459003",
"Version": "1",
"Comment": "libpackagekit-gtk3-module is installed",
"Name": "libpackagekit-gtk3-module"
},
{
"ID": "oval:org.altlinux.errata:obj:20253459004",
"Version": "1",
"Comment": "packagekit is installed",
"Name": "packagekit"
},
{
"ID": "oval:org.altlinux.errata:obj:20253459005",
"Version": "1",
"Comment": "packagekit-checkinstall is installed",
"Name": "packagekit-checkinstall"
},
{
"ID": "oval:org.altlinux.errata:obj:20253459006",
"Version": "1",
"Comment": "packagekit-command-not-found is installed",
"Name": "packagekit-command-not-found"
},
{
"ID": "oval:org.altlinux.errata:obj:20253459007",
"Version": "1",
"Comment": "packagekit-cron is installed",
"Name": "packagekit-cron"
},
{
"ID": "oval:org.altlinux.errata:obj:20253459008",
"Version": "1",
"Comment": "packagekit-gstreamer-plugin is installed",
"Name": "packagekit-gstreamer-plugin"
},
{
"ID": "oval:org.altlinux.errata:obj:20253459009",
"Version": "1",
"Comment": "python3-module-packagekit is installed",
"Name": "python3-module-packagekit"
}
]
}

23
oval/p11/ALT-PU-2025-3459/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:3001",
"Version": "1",
"Text": {}
}
],
"RPMInfoStates": [
{
"ID": "oval:org.altlinux.errata:ste:20253459001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.3.0-alt2",
"Arch": {},
"EVR": {
"Text": "0:1.3.0-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

126
oval/p11/ALT-PU-2025-3459/tests.json Normal file
View File

@ -0,0 +1,126 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:3001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p11' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:3001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20253459001",
"Version": "1",
"Check": "all",
"Comment": "libpackagekit-glib is earlier than 0:1.3.0-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253459001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253459001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253459002",
"Version": "1",
"Check": "all",
"Comment": "libpackagekit-glib-devel is earlier than 0:1.3.0-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253459002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253459001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253459003",
"Version": "1",
"Check": "all",
"Comment": "libpackagekit-gtk3-module is earlier than 0:1.3.0-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253459003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253459001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253459004",
"Version": "1",
"Check": "all",
"Comment": "packagekit is earlier than 0:1.3.0-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253459004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253459001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253459005",
"Version": "1",
"Check": "all",
"Comment": "packagekit-checkinstall is earlier than 0:1.3.0-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253459005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253459001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253459006",
"Version": "1",
"Check": "all",
"Comment": "packagekit-command-not-found is earlier than 0:1.3.0-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253459006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253459001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253459007",
"Version": "1",
"Check": "all",
"Comment": "packagekit-cron is earlier than 0:1.3.0-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253459007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253459001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253459008",
"Version": "1",
"Check": "all",
"Comment": "packagekit-gstreamer-plugin is earlier than 0:1.3.0-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253459008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253459001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20253459009",
"Version": "1",
"Check": "all",
"Comment": "python3-module-packagekit is earlier than 0:1.3.0-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20253459009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20253459001"
}
}
]
}

14
oval/p11/ALT-PU-2025-3467/definitions.json
View File

@ -390,29 +390,29 @@
{
"ID": "BDU:2025-01441",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-667",
"Href": "https://bdu.fstec.ru/vul/2025-01441",
"Impact": "Low",
"Public": "20250209"
"Public": "20250114"
},
{
"ID": "BDU:2025-01442",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-662",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-662, CWE-667",
"Href": "https://bdu.fstec.ru/vul/2025-01442",
"Impact": "Low",
"Public": "20250209"
"Public": "20250115"
},
{
"ID": "BDU:2025-01443",
"CVSS": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2025-01443",
"Impact": "Low",
"Public": "20250209"
"Public": "20250114"
},
{
"ID": "BDU:2025-01462",

10
oval/p11/ALT-PU-2025-3500/definitions.json
View File

@ -305,20 +305,20 @@
{
"ID": "BDU:2025-01441",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-667",
"Href": "https://bdu.fstec.ru/vul/2025-01441",
"Impact": "Low",
"Public": "20250209"
"Public": "20250114"
},
{
"ID": "BDU:2025-01442",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-662",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-662, CWE-667",
"Href": "https://bdu.fstec.ru/vul/2025-01442",
"Impact": "Low",
"Public": "20250209"
"Public": "20250115"
},
{
"ID": "BDU:2025-01462",