From e4e1dc253b4b33b1cbb538d2f5f328f72972bf23 Mon Sep 17 00:00:00 2001
From: pepelyaevip <pepelyaevip@basealt.ru>
Date: Sat, 19 Oct 2024 03:06:44 +0000
Subject: [PATCH] ALT Vulnerability
---
 oval/c9f2/ALT-PU-2024-13883/definitions.json | 231 +++++++++++++++++++
 oval/c9f2/ALT-PU-2024-13883/objects.json | 40 ++++
 oval/c9f2/ALT-PU-2024-13883/states.json | 23 ++
 oval/c9f2/ALT-PU-2024-13883/tests.json | 42 ++++
 oval/p10/ALT-PU-2024-13955/definitions.json | 109 +++++++++
 oval/p10/ALT-PU-2024-13955/objects.json | 46 ++++
 oval/p10/ALT-PU-2024-13955/states.json | 23 ++
 oval/p10/ALT-PU-2024-13955/tests.json | 54 +++++
 oval/p10/ALT-PU-2024-13957/definitions.json | 169 ++++++++++++++
 oval/p10/ALT-PU-2024-13957/objects.json | 124 ++++++++++
 oval/p10/ALT-PU-2024-13957/states.json | 23 ++
 oval/p10/ALT-PU-2024-13957/tests.json | 210 +++++++++++++++++
 12 files changed, 1094 insertions(+)
 create mode 100644 oval/c9f2/ALT-PU-2024-13883/definitions.json
 create mode 100644 oval/c9f2/ALT-PU-2024-13883/objects.json
 create mode 100644 oval/c9f2/ALT-PU-2024-13883/states.json
 create mode 100644 oval/c9f2/ALT-PU-2024-13883/tests.json
 create mode 100644 oval/p10/ALT-PU-2024-13955/definitions.json
 create mode 100644 oval/p10/ALT-PU-2024-13955/objects.json
 create mode 100644 oval/p10/ALT-PU-2024-13955/states.json
 create mode 100644 oval/p10/ALT-PU-2024-13955/tests.json
 create mode 100644 oval/p10/ALT-PU-2024-13957/definitions.json
 create mode 100644 oval/p10/ALT-PU-2024-13957/objects.json
 create mode 100644 oval/p10/ALT-PU-2024-13957/states.json
 create mode 100644 oval/p10/ALT-PU-2024-13957/tests.json
diff --git a/oval/c9f2/ALT-PU-2024-13883/definitions.json b/oval/c9f2/ALT-PU-2024-13883/definitions.json
new file mode 100644
index 0000000000..827e81aa20
--- /dev/null
+++ b/oval/c9f2/ALT-PU-2024-13883/definitions.json
@@ -0,0 +1,231 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202413883", + "Version": "oval:org.altlinux.errata:def:202413883", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-13883: package `f2fs-tools` update to version 1.16.0-alt1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch c9f2" + ], + "Products": [ + "ALT SPWorkstation", + "ALT SPServer" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-13883", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-13883", + "Source": "ALTPU" + }, + { + "RefID": "BDU:2021-06199", + "RefURL": "https://bdu.fstec.ru/vul/2021-06199", + "Source": "BDU" + }, + { + "RefID": "BDU:2021-06200", + "RefURL": "https://bdu.fstec.ru/vul/2021-06200", + "Source": "BDU" + }, + { + "RefID": "BDU:2021-06201", + "RefURL": "https://bdu.fstec.ru/vul/2021-06201", + "Source": "BDU" + }, + { + "RefID": "BDU:2021-06202", + "RefURL": "https://bdu.fstec.ru/vul/2021-06202", + "Source": "BDU" + }, + { + "RefID": "BDU:2021-06203", + "RefURL": "https://bdu.fstec.ru/vul/2021-06203", + "Source": "BDU" + }, + { + "RefID": "CVE-2020-6070", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6070", + "Source": "CVE" + }, + { + "RefID": "CVE-2020-6104", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6104", + "Source": "CVE" + }, + { + "RefID": "CVE-2020-6105", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6105", + "Source": "CVE" + }, + { + "RefID": "CVE-2020-6106", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6106", + "Source": "CVE" + }, + { + "RefID": "CVE-2020-6107", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6107", + "Source": "CVE" + }, + { + "RefID": "CVE-2020-6108", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-6108", + "Source": "CVE" + } + ], + "Description": "This update upgrades f2fs-tools to version 1.16.0-alt1. 
\nSecurity Fix(es):\n\n * BDU:2021-06199: Уязвимость утилиты F2fs-Tools, связанная с некорректным внешним управлением именем или путем файла, позволяющая нарушителю удалять произвольные файлы\n\n * BDU:2021-06200: Уязвимость утилиты F2fs-Tools, связанная с чтением за пределами границ памяти, позволяющая нарушителю получить доступ к конфиденциальной информации\n\n * BDU:2021-06201: Уязвимость утилиты F2fs-Tools, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальной информации\n\n * BDU:2021-06202: Уязвимость утилиты F2fs-Tools, связанная с записью за пределами границ памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-06203: Уязвимость утилиты F2fs-Tools, связанная с чтением за пределами границ памяти, позволяющая нарушителю получить доступ к конфиденциальной информации\n\n * CVE-2020-6070: An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability.\n\n * CVE-2020-6104: An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability.\n\n * CVE-2020-6105: An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.\n\n * CVE-2020-6106: An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. 
A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability.\n\n * CVE-2020-6107: An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.\n\n * CVE-2020-6108: An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "High", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-10-18" + }, + "Updated": { + "Date": "2024-10-18" + }, + "BDUs": [ + { + "ID": "BDU:2021-06199", + "CVSS": "AV:L/AC:L/Au:S/C:N/I:C/A:N", + "CVSS3": "AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N", + "CWE": "CWE-73", + "Href": "https://bdu.fstec.ru/vul/2021-06199", + "Impact": "Low", + "Public": "20201015" + }, + { + "ID": "BDU:2021-06200", + "CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N", + "CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "CWE": "CWE-125", + "Href": "https://bdu.fstec.ru/vul/2021-06200", + "Impact": "Low", + "Public": "20201015" + }, + { + "ID": "BDU:2021-06201", + "CVSS": "AV:L/AC:L/Au:S/C:C/I:N/A:N", + "CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "CWE": "CWE-200", + "Href": "https://bdu.fstec.ru/vul/2021-06201", + "Impact": "Low", + "Public": "20201015" + }, + { + "ID": "BDU:2021-06202", + "CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C", + "CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-787", + "Href": "https://bdu.fstec.ru/vul/2021-06202", + "Impact": "Low", + "Public": "20201015" + }, + { + "ID": "BDU:2021-06203", + "CVSS": 
"AV:L/AC:L/Au:S/C:C/I:N/A:N", + "CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "CWE": "CWE-125", + "Href": "https://bdu.fstec.ru/vul/2021-06203", + "Impact": "Low", + "Public": "20201015" + } + ], + "CVEs": [ + { + "ID": "CVE-2020-6070", + "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "CWE": "CWE-131", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6070", + "Impact": "High", + "Public": "20200810" + }, + { + "ID": "CVE-2020-6104", + "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6104", + "Impact": "Low", + "Public": "20201015" + }, + { + "ID": "CVE-2020-6105", + "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "CWE": "CWE-610", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6105", + "Impact": "High", + "Public": "20201015" + }, + { + "ID": "CVE-2020-6106", + "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6106", + "Impact": "Low", + "Public": "20201015" + }, + { + "ID": "CVE-2020-6107", + "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "CWE": "CWE-125", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6107", + "Impact": "Low", + "Public": "20201015" + }, + { + "ID": "CVE-2020-6108", + "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "CWE": "CWE-787", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-6108", + "Impact": "High", + "Public": "20201015" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:spworkstation:8.4", + "cpe:/o:alt:spserver:8.4" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:3001", + "Comment": "ALT Linux must 
be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202413883001", + "Comment": "f2fs-tools is earlier than 0:1.16.0-alt1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413883002", + "Comment": "f2fs-tools-devel is earlier than 0:1.16.0-alt1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-13883/objects.json b/oval/c9f2/ALT-PU-2024-13883/objects.json new file mode 100644 index 0000000000..b8d58bebb3 --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-13883/objects.json @@ -0,0 +1,40 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:3001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202413883001", + "Version": "1", + "Comment": "f2fs-tools is installed", + "Name": "f2fs-tools" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413883002", + "Version": "1", + "Comment": "f2fs-tools-devel is installed", + "Name": "f2fs-tools-devel" + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-13883/states.json b/oval/c9f2/ALT-PU-2024-13883/states.json new file mode 100644 index 0000000000..f97f0b89bb --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-13883/states.json 
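Review bot: In `oval/c9f2/ALT-PU-2024-13883/definitions.json` the definition's `"Version"` repeats the definition ID (`"oval:org.altlinux.errata:def:202413883"`) instead of carrying a version number, while every object, test and state in this patch uses `"Version": "1"`. If this field is serialized into the OVAL `version` attribute, which the OVAL schema defines as a non-negative integer, a strict scanner may reject the definition or be unable to tell a revised definition from the original. Consider `"Version": "1"` here, incremented when the erratum is reissued. The same value pattern appears in the p10 definitions for ALT-PU-2024-13955 and ALT-PU-2024-13957.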
@@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:3001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202413883001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.16.0-alt1", + "Arch": {}, + "EVR": { + "Text": "0:1.16.0-alt1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/c9f2/ALT-PU-2024-13883/tests.json b/oval/c9f2/ALT-PU-2024-13883/tests.json new file mode 100644 index 0000000000..1edefca56a --- /dev/null +++ b/oval/c9f2/ALT-PU-2024-13883/tests.json @@ -0,0 +1,42 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:3001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'c9f2' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:3001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:3001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202413883001", + "Version": "1", + "Check": "all", + "Comment": "f2fs-tools is earlier than 0:1.16.0-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413883001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413883001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413883002", + "Version": "1", + "Check": "all", + "Comment": "f2fs-tools-devel is earlier than 0:1.16.0-alt1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413883002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413883001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-13955/definitions.json b/oval/p10/ALT-PU-2024-13955/definitions.json new file mode 100644 index 0000000000..ee2778c0a8 --- /dev/null +++ b/oval/p10/ALT-PU-2024-13955/definitions.json 
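Review bot: In `oval/c9f2/ALT-PU-2024-13883/states.json`, state `oval:org.altlinux.errata:ste:3001` has an empty `"Text": {}` and no constraint on the captured group, so test `tst:3001` ("ALT Linux based on branch 'c9f2' must be installed") appears to pass for any `/etc/os-release` CPE that the object pattern `sp(?:server|workstation):(\d\.\d)` matches, not only the 8.4 release listed under `AffectedCPEs`. The p10 states (`ste:2001` in ALT-PU-2024-13955 and ALT-PU-2024-13957) have the same shape, and their pattern `(?!sp)[a-z\-]+:p?(\d+)` is not limited to version 10, so a host on another branch with a lower package EVR could be reported as missing this patch. Consider constraining the captured version in the state, for example a subexpression check against `8.4` for c9f2 and `10` for p10 (the key layout would presumably mirror the `EVR` entry's `Text`/`Datatype`/`Operation`; confirm against the generator's schema). As a style point, the key `TextFileContent54State` is singular while `TextFileContent54Objects`, `TextFileContent54Tests` and `RPMInfoStates` are plural.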
@@ -0,0 +1,109 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202413955", + "Version": "oval:org.altlinux.errata:def:202413955", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-13955: package `libreoffice-online` update to version 6.2.3.2-alt8", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-13955", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-13955", + "Source": "ALTPU" + } + ], + "Description": "This update upgrades libreoffice-online to version 6.2.3.2-alt8. \nSecurity Fix(es):\n\n * #36344: Ошибка в конфигурации /etc/httpd2/conf/sites-enabled/libreoffice-online.conf", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Low", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-10-18" + }, + "Updated": { + "Date": "2024-10-18" + }, + "BDUs": null, + "Bugzilla": [ + { + "ID": "36344", + "Href": "https://bugzilla.altlinux.org/36344", + "Data": "Ошибка в конфигурации /etc/httpd2/conf/sites-enabled/libreoffice-online.conf" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + 
"Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202413955001", + "Comment": "libreoffice-online is earlier than 0:6.2.3.2-alt8" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413955002", + "Comment": "libreoffice-online-apache2 is earlier than 0:6.2.3.2-alt8" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413955003", + "Comment": "libreoffice-online-nginx is earlier than 0:6.2.3.2-alt8" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-13955/objects.json b/oval/p10/ALT-PU-2024-13955/objects.json new file mode 100644 index 0000000000..5aeafc1841 --- /dev/null +++ b/oval/p10/ALT-PU-2024-13955/objects.json @@ -0,0 +1,46 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202413955001", + "Version": "1", + "Comment": "libreoffice-online is installed", + "Name": "libreoffice-online" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413955002", + "Version": "1", + "Comment": "libreoffice-online-apache2 is installed", + "Name": "libreoffice-online-apache2" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413955003", + "Version": "1", + "Comment": "libreoffice-online-nginx is installed", + "Name": "libreoffice-online-nginx" + } + ] +} \ No newline at end of file 
diff --git a/oval/p10/ALT-PU-2024-13955/states.json b/oval/p10/ALT-PU-2024-13955/states.json new file mode 100644 index 0000000000..a3e0ff0661 --- /dev/null +++ b/oval/p10/ALT-PU-2024-13955/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202413955001", + "Version": "1", + "Comment": "package EVR is earlier than 0:6.2.3.2-alt8", + "Arch": {}, + "EVR": { + "Text": "0:6.2.3.2-alt8", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-13955/tests.json b/oval/p10/ALT-PU-2024-13955/tests.json new file mode 100644 index 0000000000..7c2d370ce2 --- /dev/null +++ b/oval/p10/ALT-PU-2024-13955/tests.json 
@@ -0,0 +1,54 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202413955001", + "Version": "1", + "Check": "all", + "Comment": "libreoffice-online is earlier than 0:6.2.3.2-alt8", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413955001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413955001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413955002", + "Version": "1", + "Check": "all", + "Comment": "libreoffice-online-apache2 is earlier than 0:6.2.3.2-alt8", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413955002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413955001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413955003", + "Version": "1", + "Check": "all", + "Comment": "libreoffice-online-nginx is earlier than 0:6.2.3.2-alt8", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413955003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413955001" + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-13957/definitions.json b/oval/p10/ALT-PU-2024-13957/definitions.json new file mode 100644 index 0000000000..2d534d29e2 --- /dev/null +++ b/oval/p10/ALT-PU-2024-13957/definitions.json 
@@ -0,0 +1,169 @@ +{ + "Definition": [ + { + "ID": "oval:org.altlinux.errata:def:202413957", + "Version": "oval:org.altlinux.errata:def:202413957", + "Class": "patch", + "Metadata": { + "Title": "ALT-PU-2024-13957: package `poco` update to version 1.12.5p2-alt0.p10.1", + "AffectedList": [ + { + "Family": "unix", + "Platforms": [ + "ALT Linux branch p10" + ], + "Products": [ + "ALT Server", + "ALT Virtualization Server", + "ALT Workstation", + "ALT Workstation K", + "ALT Education", + "Simply Linux", + "Starterkit" + ] + } + ], + "References": [ + { + "RefID": "ALT-PU-2024-13957", + "RefURL": "https://errata.altlinux.org/ALT-PU-2024-13957", + "Source": "ALTPU" + }, + { + "RefID": "CVE-2023-52389", + "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-52389", + "Source": "CVE" + } + ], + "Description": "This update upgrades poco to version 1.12.5p2-alt0.p10.1. \nSecurity Fix(es):\n\n * CVE-2023-52389: UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. 
This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.", + "Advisory": { + "From": "errata.altlinux.org", + "Severity": "Critical", + "Rights": "Copyright 2024 BaseALT Ltd.", + "Issued": { + "Date": "2024-10-18" + }, + "Updated": { + "Date": "2024-10-18" + }, + "BDUs": null, + "CVEs": [ + { + "ID": "CVE-2023-52389", + "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "CWE": "CWE-190", + "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-52389", + "Impact": "Critical", + "Public": "20240127" + } + ], + "AffectedCPEs": { + "CPEs": [ + "cpe:/o:alt:kworkstation:10", + "cpe:/o:alt:workstation:10", + "cpe:/o:alt:server:10", + "cpe:/o:alt:server-v:10", + "cpe:/o:alt:education:10", + "cpe:/o:alt:slinux:10", + "cpe:/o:alt:starterkit:p10", + "cpe:/o:alt:kworkstation:10.1", + "cpe:/o:alt:workstation:10.1", + "cpe:/o:alt:server:10.1", + "cpe:/o:alt:server-v:10.1", + "cpe:/o:alt:education:10.1", + "cpe:/o:alt:slinux:10.1", + "cpe:/o:alt:starterkit:10.1", + "cpe:/o:alt:kworkstation:10.2", + "cpe:/o:alt:workstation:10.2", + "cpe:/o:alt:server:10.2", + "cpe:/o:alt:server-v:10.2", + "cpe:/o:alt:education:10.2", + "cpe:/o:alt:slinux:10.2", + "cpe:/o:alt:starterkit:10.2" + ] + } + } + }, + "Criteria": { + "Operator": "AND", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:2001", + "Comment": "ALT Linux must be installed" + } + ], + "Criterias": [ + { + "Operator": "OR", + "Criterions": [ + { + "TestRef": "oval:org.altlinux.errata:tst:202413957001", + "Comment": "libpoco is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957002", + "Comment": "libpoco-crypto is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957003", + "Comment": "libpoco-data is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957004", + "Comment": "libpoco-devel is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": 
"oval:org.altlinux.errata:tst:202413957005", + "Comment": "libpoco-jwt is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957006", + "Comment": "libpoco-mongodb is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957007", + "Comment": "libpoco-mysql is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957008", + "Comment": "libpoco-net is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957009", + "Comment": "libpoco-odbc is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957010", + "Comment": "libpoco-postgresql is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957011", + "Comment": "libpoco-prometheus is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957012", + "Comment": "libpoco-redis is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957013", + "Comment": "libpoco-sqlite is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957014", + "Comment": "libpoco-ssl is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957015", + "Comment": "libpoco-util is earlier than 0:1.12.5p2-alt0.p10.1" + }, + { + "TestRef": "oval:org.altlinux.errata:tst:202413957016", + "Comment": "libpoco-zip is earlier than 0:1.12.5p2-alt0.p10.1" + } + ] + } + ] + } + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-13957/objects.json b/oval/p10/ALT-PU-2024-13957/objects.json new file mode 100644 index 0000000000..1d961f28c9 --- /dev/null +++ b/oval/p10/ALT-PU-2024-13957/objects.json 
@@ -0,0 +1,124 @@ +{ + "TextFileContent54Objects": [ + { + "ID": "oval:org.altlinux.errata:obj:2001", + "Version": "1", + "Comment": "Evaluate `/etc/os-release` file content", + "Path": { + "Datatype": "string", + "Text": "/etc" + }, + "Filepath": { + "Datatype": "string", + "Text": "os-release" + }, + "Pattern": { + "Datatype": "string", + "Operation": "pattern match", + "Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*" + }, + "Instance": { + "Datatype": "int", + "Text": "1" + } + } + ], + "RPMInfoObjects": [ + { + "ID": "oval:org.altlinux.errata:obj:202413957001", + "Version": "1", + "Comment": "libpoco is installed", + "Name": "libpoco" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957002", + "Version": "1", + "Comment": "libpoco-crypto is installed", + "Name": "libpoco-crypto" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957003", + "Version": "1", + "Comment": "libpoco-data is installed", + "Name": "libpoco-data" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957004", + "Version": "1", + "Comment": "libpoco-devel is installed", + "Name": "libpoco-devel" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957005", + "Version": "1", + "Comment": "libpoco-jwt is installed", + "Name": "libpoco-jwt" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957006", + "Version": "1", + "Comment": "libpoco-mongodb is installed", + "Name": "libpoco-mongodb" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957007", + "Version": "1", + "Comment": "libpoco-mysql is installed", + "Name": "libpoco-mysql" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957008", + "Version": "1", + "Comment": "libpoco-net is installed", + "Name": "libpoco-net" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957009", + "Version": "1", + "Comment": "libpoco-odbc is installed", + "Name": "libpoco-odbc" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957010", + "Version": "1", + "Comment": "libpoco-postgresql is installed", + "Name": 
"libpoco-postgresql" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957011", + "Version": "1", + "Comment": "libpoco-prometheus is installed", + "Name": "libpoco-prometheus" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957012", + "Version": "1", + "Comment": "libpoco-redis is installed", + "Name": "libpoco-redis" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957013", + "Version": "1", + "Comment": "libpoco-sqlite is installed", + "Name": "libpoco-sqlite" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957014", + "Version": "1", + "Comment": "libpoco-ssl is installed", + "Name": "libpoco-ssl" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957015", + "Version": "1", + "Comment": "libpoco-util is installed", + "Name": "libpoco-util" + }, + { + "ID": "oval:org.altlinux.errata:obj:202413957016", + "Version": "1", + "Comment": "libpoco-zip is installed", + "Name": "libpoco-zip" + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-13957/states.json b/oval/p10/ALT-PU-2024-13957/states.json new file mode 100644 index 0000000000..f1ec130edc --- /dev/null +++ b/oval/p10/ALT-PU-2024-13957/states.json @@ -0,0 +1,23 @@ +{ + "TextFileContent54State": [ + { + "ID": "oval:org.altlinux.errata:ste:2001", + "Version": "1", + "Text": {} + } + ], + "RPMInfoStates": [ + { + "ID": "oval:org.altlinux.errata:ste:202413957001", + "Version": "1", + "Comment": "package EVR is earlier than 0:1.12.5p2-alt0.p10.1", + "Arch": {}, + "EVR": { + "Text": "0:1.12.5p2-alt0.p10.1", + "Datatype": "evr_string", + "Operation": "less than" + }, + "Subexpression": {} + } + ] +} \ No newline at end of file diff --git a/oval/p10/ALT-PU-2024-13957/tests.json b/oval/p10/ALT-PU-2024-13957/tests.json new file mode 100644 index 0000000000..10e1724a33 --- /dev/null +++ b/oval/p10/ALT-PU-2024-13957/tests.json 
@@ -0,0 +1,210 @@ +{ + "TextFileContent54Tests": [ + { + "ID": "oval:org.altlinux.errata:tst:2001", + "Version": "1", + "Check": "all", + "Comment": "ALT Linux based on branch 'p10' must be installed", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:2001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:2001" + } + } + ], + "RPMInfoTests": [ + { + "ID": "oval:org.altlinux.errata:tst:202413957001", + "Version": "1", + "Check": "all", + "Comment": "libpoco is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957001" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957002", + "Version": "1", + "Check": "all", + "Comment": "libpoco-crypto is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957002" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957003", + "Version": "1", + "Check": "all", + "Comment": "libpoco-data is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957003" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957004", + "Version": "1", + "Check": "all", + "Comment": "libpoco-devel is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957004" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957005", + "Version": "1", + "Check": "all", + "Comment": "libpoco-jwt is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957005" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": 
"oval:org.altlinux.errata:tst:202413957006", + "Version": "1", + "Check": "all", + "Comment": "libpoco-mongodb is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957006" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957007", + "Version": "1", + "Check": "all", + "Comment": "libpoco-mysql is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957007" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957008", + "Version": "1", + "Check": "all", + "Comment": "libpoco-net is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957008" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957009", + "Version": "1", + "Check": "all", + "Comment": "libpoco-odbc is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957009" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957010", + "Version": "1", + "Check": "all", + "Comment": "libpoco-postgresql is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957010" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957011", + "Version": "1", + "Check": "all", + "Comment": "libpoco-prometheus is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957011" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957012", + "Version": "1", + "Check": 
"all", + "Comment": "libpoco-redis is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957012" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957013", + "Version": "1", + "Check": "all", + "Comment": "libpoco-sqlite is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957013" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957014", + "Version": "1", + "Check": "all", + "Comment": "libpoco-ssl is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957014" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957015", + "Version": "1", + "Check": "all", + "Comment": "libpoco-util is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957015" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + }, + { + "ID": "oval:org.altlinux.errata:tst:202413957016", + "Version": "1", + "Check": "all", + "Comment": "libpoco-zip is earlier than 0:1.12.5p2-alt0.p10.1", + "Object": { + "ObjectRef": "oval:org.altlinux.errata:obj:202413957016" + }, + "State": { + "StateRef": "oval:org.altlinux.errata:ste:202413957001" + } + } + ] +} \ No newline at end of file