pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-03-25 15:02:24 +00:00
parent 0bb67e62a3
commit e857cada26
17 changed files with 982 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
oval/c10f1/ALT-PU-2024-4187/definitions.json Normal file
View File

@ -0,0 +1,126 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20244187",
"Version": "oval:org.altlinux.errata:def:20244187",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-4187: package `vault` update to version 1.13.12-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-4187",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-4187",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-08660",
"RefURL": "https://bdu.fstec.ru/vul/2023-08660",
"Source": "BDU"
},
{
"RefID": "CVE-2023-3775",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-3775",
"Source": "CVE"
},
{
"RefID": "CVE-2023-4680",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-4680",
"Source": "CVE"
},
{
"RefID": "CVE-2023-6337",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-6337",
"Source": "CVE"
}
],
"Description": "This update upgrades vault to version 1.13.12-alt2. \nSecurity Fix(es):\n\n * BDU:2023-08660: Уязвимость компонента max_request_duration платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-3775: A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.\n\n * CVE-2023-4680: HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.\n\n * CVE-2023-6337: HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\n\nFixed in Vault 1.15.4, 1.14.8, 1.13.12.\n\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-03-25"
},
"Updated": {
"Date": "2024-03-25"
},
"bdu": [
{
"Cvss": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-770",
"Href": "https://bdu.fstec.ru/vul/2023-08660",
"Impact": "High",
"Public": "20231127",
"CveID": "BDU:2023-08660"
}
],
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-3775",
"Impact": "Low",
"Public": "20230929",
"CveID": "CVE-2023-3775"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"Cwe": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-4680",
"Impact": "Low",
"Public": "20230915",
"CveID": "CVE-2023-4680"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-6337",
"Impact": "High",
"Public": "20231208",
"CveID": "CVE-2023-6337"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20244187001",
"Comment": "vault is earlier than 0:1.13.12-alt2"
}
]
}
]
}
}
]
}

34
oval/c10f1/ALT-PU-2024-4187/objects.json Normal file
View File

@ -0,0 +1,34 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:4001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20244187001",
"Version": "1",
"comment": "vault is installed",
"Name": "vault"
}
]
}

23
oval/c10f1/ALT-PU-2024-4187/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:4001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20244187001",
"Version": "1",
"Comment": "package EVR is earlier than 0:1.13.12-alt2",
"Arch": {},
"Evr": {
"Text": "0:1.13.12-alt2",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

30
oval/c10f1/ALT-PU-2024-4187/tests.json Normal file
View File

@ -0,0 +1,30 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:4001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f1' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:4001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:4001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20244187001",
"Version": "1",
"Check": "all",
"Comment": "vault is earlier than 0:1.13.12-alt2",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244187001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244187001"
}
}
]
}

129
oval/c10f2/ALT-PU-2024-4157/definitions.json Normal file
View File

@ -0,0 +1,129 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20244157",
"Version": "oval:org.altlinux.errata:def:20244157",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-4157: package `apt` update to version 0.5.15lorg2-alt87",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-4157",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-4157",
"Source": "ALTPU"
}
],
"Description": "This update upgrades apt to version 0.5.15lorg2-alt87. \nSecurity Fix(es):\n\n * #40826: aptitude показывает только первую строчку в описании\n\n * #44941: Проблема с кодировкой в описании предупреждения\n\n * #46105: apt: ошибка сборки с GCC 13\n\n * #46251: packagekit fails to show the description of a package if it is translated\n\n * #49694: Игнорировать reason-phrase по http",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-03-25"
},
"Updated": {
"Date": "2024-03-25"
},
"bdu": null,
"Bugzilla": [
{
"Id": "40826",
"Href": "https://bugzilla.altlinux.org/40826",
"Data": "aptitude показывает только первую строчку в описании"
},
{
"Id": "44941",
"Href": "https://bugzilla.altlinux.org/44941",
"Data": "Проблема с кодировкой в описании предупреждения"
},
{
"Id": "46105",
"Href": "https://bugzilla.altlinux.org/46105",
"Data": "apt: ошибка сборки с GCC 13"
},
{
"Id": "46251",
"Href": "https://bugzilla.altlinux.org/46251",
"Data": "packagekit fails to show the description of a package if it is translated"
},
{
"Id": "49694",
"Href": "https://bugzilla.altlinux.org/49694",
"Data": "Игнорировать reason-phrase по http"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20244157001",
"Comment": "apt is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244157002",
"Comment": "apt-basic-checkinstall is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244157003",
"Comment": "apt-checkinstall is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244157004",
"Comment": "apt-https is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244157005",
"Comment": "apt-rsync is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244157006",
"Comment": "apt-tests is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244157007",
"Comment": "apt-under-pkdirect-checkinstall is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244157008",
"Comment": "apt-xxtra-heavy-load-checkinstall is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244157009",
"Comment": "libapt is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244157010",
"Comment": "libapt-devel is earlier than 0:0.5.15lorg2-alt87"
}
]
}
]
}
}
]
}

88
oval/c10f2/ALT-PU-2024-4157/objects.json Normal file
View File

@ -0,0 +1,88 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:5001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d+)"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20244157001",
"Version": "1",
"comment": "apt is installed",
"Name": "apt"
},
{
"ID": "oval:org.altlinux.errata:obj:20244157002",
"Version": "1",
"comment": "apt-basic-checkinstall is installed",
"Name": "apt-basic-checkinstall"
},
{
"ID": "oval:org.altlinux.errata:obj:20244157003",
"Version": "1",
"comment": "apt-checkinstall is installed",
"Name": "apt-checkinstall"
},
{
"ID": "oval:org.altlinux.errata:obj:20244157004",
"Version": "1",
"comment": "apt-https is installed",
"Name": "apt-https"
},
{
"ID": "oval:org.altlinux.errata:obj:20244157005",
"Version": "1",
"comment": "apt-rsync is installed",
"Name": "apt-rsync"
},
{
"ID": "oval:org.altlinux.errata:obj:20244157006",
"Version": "1",
"comment": "apt-tests is installed",
"Name": "apt-tests"
},
{
"ID": "oval:org.altlinux.errata:obj:20244157007",
"Version": "1",
"comment": "apt-under-pkdirect-checkinstall is installed",
"Name": "apt-under-pkdirect-checkinstall"
},
{
"ID": "oval:org.altlinux.errata:obj:20244157008",
"Version": "1",
"comment": "apt-xxtra-heavy-load-checkinstall is installed",
"Name": "apt-xxtra-heavy-load-checkinstall"
},
{
"ID": "oval:org.altlinux.errata:obj:20244157009",
"Version": "1",
"comment": "libapt is installed",
"Name": "libapt"
},
{
"ID": "oval:org.altlinux.errata:obj:20244157010",
"Version": "1",
"comment": "libapt-devel is installed",
"Name": "libapt-devel"
}
]
}

23
oval/c10f2/ALT-PU-2024-4157/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:5001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20244157001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.5.15lorg2-alt87",
"Arch": {},
"Evr": {
"Text": "0:0.5.15lorg2-alt87",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

138
oval/c10f2/ALT-PU-2024-4157/tests.json Normal file
View File

@ -0,0 +1,138 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:5001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'c10f2' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:5001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:5001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20244157001",
"Version": "1",
"Check": "all",
"Comment": "apt is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244157001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244157001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244157002",
"Version": "1",
"Check": "all",
"Comment": "apt-basic-checkinstall is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244157002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244157001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244157003",
"Version": "1",
"Check": "all",
"Comment": "apt-checkinstall is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244157003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244157001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244157004",
"Version": "1",
"Check": "all",
"Comment": "apt-https is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244157004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244157001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244157005",
"Version": "1",
"Check": "all",
"Comment": "apt-rsync is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244157005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244157001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244157006",
"Version": "1",
"Check": "all",
"Comment": "apt-tests is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244157006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244157001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244157007",
"Version": "1",
"Check": "all",
"Comment": "apt-under-pkdirect-checkinstall is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244157007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244157001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244157008",
"Version": "1",
"Check": "all",
"Comment": "apt-xxtra-heavy-load-checkinstall is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244157008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244157001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244157009",
"Version": "1",
"Check": "all",
"Comment": "libapt is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244157009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244157001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244157010",
"Version": "1",
"Check": "all",
"Comment": "libapt-devel is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244157010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244157001"
}
}
]
}

2
oval/p10/ALT-PU-2021-3270/definitions.json
View File

@ -90,7 +90,7 @@
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-un-def to version 5.14.17-alt1. \nSecurity Fix(es):\n\n * BDU:2021-05473: Уязвимость функции detach_capi_ctr драйвера /isdn/capi/kcapi.c ядра операционных систем семейства Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05673: Уязвимость реализации функции tipc_crypto_key_rcv() протокола для внутрикластерного взаимодействия Transparent Inter-Process Communication (TIPC) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии\n\n * BDU:2022-02442: Уязвимость функции block_invalidatepage() ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02682: Уязвимость ядра драйвера FireDTV ядра операционной системы Linux, позволяющая нарушителю вызвать аварийное завершение системы и оказать воздействие на конфиденциальность и целостность защищаемой информации\n\n * BDU:2022-05646: Уязвимость интерфейса контроллера NFC (NCI) ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии\n\n * CVE-2021-3760: A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.\n\n * CVE-2021-4093: A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.\n\n * CVE-2021-4148: A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.\n\n * CVE-2021-42327: dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.\n\n * CVE-2021-42739: A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\n\n * CVE-2021-43267: An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.\n\n * CVE-2021-43389: An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.",
"Description": "This update upgrades kernel-image-un-def to version 5.14.17-alt1. \nSecurity Fix(es):\n\n * BDU:2021-05473: Уязвимость функции detach_capi_ctr драйвера /isdn/capi/kcapi.c ядра операционных систем семейства Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-05673: Уязвимость реализации функции tipc_crypto_key_rcv() протокола для внутрикластерного взаимодействия Transparent Inter-Process Communication (TIPC) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии\n\n * BDU:2022-02442: Уязвимость функции block_invalidatepage() ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-02682: Уязвимость ядра драйвера FireDTV ядра операционной системы Linux, позволяющая нарушителю вызвать аварийное завершение системы и оказать воздействие на конфиденциальность и целостность защищаемой информации\n\n * BDU:2022-05646: Уязвимость интерфейса контроллера NFC (NCI) ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии\n\n * CVE-2021-3760: A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.\n\n * CVE-2021-4093: A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.\n\n * CVE-2021-4148: A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.\n\n * CVE-2021-42327: dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.\n\n * CVE-2021-42739: The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.\n\n * CVE-2021-43267: An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.\n\n * CVE-2021-43389: An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",

2
oval/p10/ALT-PU-2021-3573/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/p10/ALT-PU-2022-1421/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/p10/ALT-PU-2022-2942/definitions.json
View File

File diff suppressed because one or more lines are too long

2
oval/p10/ALT-PU-2023-4894/definitions.json
View File

File diff suppressed because one or more lines are too long

137
oval/p10/ALT-PU-2024-4068/definitions.json Normal file
View File

@ -0,0 +1,137 @@
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20244068",
"Version": "oval:org.altlinux.errata:def:20244068",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-4068: package `apt` update to version 0.5.15lorg2-alt87",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-4068",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-4068",
"Source": "ALTPU"
}
],
"Description": "This update upgrades apt to version 0.5.15lorg2-alt87. \nSecurity Fix(es):\n\n * #49694: Игнорировать reason-phrase по http",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-03-25"
},
"Updated": {
"Date": "2024-03-25"
},
"bdu": null,
"Bugzilla": [
{
"Id": "49694",
"Href": "https://bugzilla.altlinux.org/49694",
"Data": "Игнорировать reason-phrase по http"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20244068001",
"Comment": "apt is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244068002",
"Comment": "apt-basic-checkinstall is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244068003",
"Comment": "apt-checkinstall is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244068004",
"Comment": "apt-https is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244068005",
"Comment": "apt-rsync is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244068006",
"Comment": "apt-tests is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244068007",
"Comment": "apt-under-pkdirect-checkinstall is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244068008",
"Comment": "apt-xxtra-heavy-load-checkinstall is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244068009",
"Comment": "libapt is earlier than 0:0.5.15lorg2-alt87"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20244068010",
"Comment": "libapt-devel is earlier than 0:0.5.15lorg2-alt87"
}
]
}
]
}
}
]
}

88
oval/p10/ALT-PU-2024-4068/objects.json Normal file
View File

@ -0,0 +1,88 @@
{
"TextFileContent54Objects": [
{
"ID": "oval:org.altlinux.errata:obj:2001",
"Version": "1",
"comment": "Evaluate `/etc/os-release` file content",
"Path": {
"dataType": "string",
"Text": "/etc"
},
"Filepath": {
"Datatype": "string",
"Text": "os-release"
},
"Pattern": {
"Datatype": "string",
"Operation": "pattern match",
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
},
"Instance": {
"Datatype": "int",
"Text": "1"
}
}
],
"RpmInfoObjects": [
{
"ID": "oval:org.altlinux.errata:obj:20244068001",
"Version": "1",
"comment": "apt is installed",
"Name": "apt"
},
{
"ID": "oval:org.altlinux.errata:obj:20244068002",
"Version": "1",
"comment": "apt-basic-checkinstall is installed",
"Name": "apt-basic-checkinstall"
},
{
"ID": "oval:org.altlinux.errata:obj:20244068003",
"Version": "1",
"comment": "apt-checkinstall is installed",
"Name": "apt-checkinstall"
},
{
"ID": "oval:org.altlinux.errata:obj:20244068004",
"Version": "1",
"comment": "apt-https is installed",
"Name": "apt-https"
},
{
"ID": "oval:org.altlinux.errata:obj:20244068005",
"Version": "1",
"comment": "apt-rsync is installed",
"Name": "apt-rsync"
},
{
"ID": "oval:org.altlinux.errata:obj:20244068006",
"Version": "1",
"comment": "apt-tests is installed",
"Name": "apt-tests"
},
{
"ID": "oval:org.altlinux.errata:obj:20244068007",
"Version": "1",
"comment": "apt-under-pkdirect-checkinstall is installed",
"Name": "apt-under-pkdirect-checkinstall"
},
{
"ID": "oval:org.altlinux.errata:obj:20244068008",
"Version": "1",
"comment": "apt-xxtra-heavy-load-checkinstall is installed",
"Name": "apt-xxtra-heavy-load-checkinstall"
},
{
"ID": "oval:org.altlinux.errata:obj:20244068009",
"Version": "1",
"comment": "libapt is installed",
"Name": "libapt"
},
{
"ID": "oval:org.altlinux.errata:obj:20244068010",
"Version": "1",
"comment": "libapt-devel is installed",
"Name": "libapt-devel"
}
]
}

23
oval/p10/ALT-PU-2024-4068/states.json Normal file
View File

@ -0,0 +1,23 @@
{
"TextFileContent54State": [
{
"ID": "oval:org.altlinux.errata:ste:2001",
"Version": "1",
"Text": {}
}
],
"RpmInfoState": [
{
"ID": "oval:org.altlinux.errata:ste:20244068001",
"Version": "1",
"Comment": "package EVR is earlier than 0:0.5.15lorg2-alt87",
"Arch": {},
"Evr": {
"Text": "0:0.5.15lorg2-alt87",
"Datatype": "evr_string",
"Operation": "less than"
},
"Subexpression": {}
}
]
}

138
oval/p10/ALT-PU-2024-4068/tests.json Normal file
View File

@ -0,0 +1,138 @@
{
"TextFileContent54Tests": [
{
"ID": "oval:org.altlinux.errata:tst:2001",
"Version": "1",
"Check": "all",
"Comment": "ALT Linux based on branch 'p10' must be installed",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:2001"
}
}
],
"RPMInfoTests": [
{
"ID": "oval:org.altlinux.errata:tst:20244068001",
"Version": "1",
"Check": "all",
"Comment": "apt is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244068001"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244068001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244068002",
"Version": "1",
"Check": "all",
"Comment": "apt-basic-checkinstall is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244068002"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244068001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244068003",
"Version": "1",
"Check": "all",
"Comment": "apt-checkinstall is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244068003"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244068001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244068004",
"Version": "1",
"Check": "all",
"Comment": "apt-https is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244068004"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244068001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244068005",
"Version": "1",
"Check": "all",
"Comment": "apt-rsync is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244068005"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244068001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244068006",
"Version": "1",
"Check": "all",
"Comment": "apt-tests is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244068006"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244068001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244068007",
"Version": "1",
"Check": "all",
"Comment": "apt-under-pkdirect-checkinstall is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244068007"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244068001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244068008",
"Version": "1",
"Check": "all",
"Comment": "apt-xxtra-heavy-load-checkinstall is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244068008"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244068001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244068009",
"Version": "1",
"Check": "all",
"Comment": "libapt is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244068009"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244068001"
}
},
{
"ID": "oval:org.altlinux.errata:tst:20244068010",
"Version": "1",
"Check": "all",
"Comment": "libapt-devel is earlier than 0:0.5.15lorg2-alt87",
"Object": {
"ObjectRef": "oval:org.altlinux.errata:obj:20244068010"
},
"State": {
"StateRef": "oval:org.altlinux.errata:ste:20244068001"
}
}
]
}