ALT Vulnerability
parent a6701aa623
commit ec33a4b91b
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -40,7 +40,7 @@
|
||||
"Source": "CVE"
|
||||
}
|
||||
],
|
||||
"Description": "This update upgrades firefox-esr to version 78.14.0-alt0.c9.1. \nSecurity Fix(es):\n\n * BDU:2021-04558: Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-38492: When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 92, Thunderbird \u003c 91.1, Thunderbird \u003c 78.14, Firefox ESR \u003c 78.14, and Firefox ESR \u003c 91.1.\n\n * CVE-2021-38493: Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.14, Thunderbird \u003c 78.14, and Firefox \u003c 92.",
|
||||
"Description": "This update upgrades firefox-esr to version 78.14.0-alt0.c9.1. \nSecurity Fix(es):\n\n * BDU:2021-04558: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-38492: When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 92, Thunderbird \u003c 91.1, Thunderbird \u003c 78.14, Firefox ESR \u003c 78.14, and Firefox ESR \u003c 91.1.\n\n * CVE-2021-38493: Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.14, Thunderbird \u003c 78.14, and Firefox \u003c 92.",
|
||||
"Advisory": {
|
||||
"From": "errata.altlinux.org",
|
||||
"Severity": "High",
|
||||
|
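Review bot: the firefox-esr Description still lists CVE-2021-38492 under "Security Fix(es)" although its own text says "This bug only affects Firefox for Windows. Other operating systems are unaffected." Only the BDU:2021-04558 sentence changes in this hunk, so consider marking that CVE as not applicable to the ALT package or dropping it from the fix list, so that consumers of this definition do not attribute a Windows-only issue to Linux hosts. The stray "unaffected.*. This" punctuation in the same string could be cleaned up in the same pass.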
@ -40,7 +40,7 @@
|
||||
"Source": "CVE"
|
||||
}
|
||||
],
|
||||
"Description": "This update upgrades thunderbird to version 78.14.0-alt0.c9.1. \nSecurity Fix(es):\n\n * BDU:2021-04558: Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-38492: When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 92, Thunderbird \u003c 91.1, Thunderbird \u003c 78.14, Firefox ESR \u003c 78.14, and Firefox ESR \u003c 91.1.\n\n * CVE-2021-38493: Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.14, Thunderbird \u003c 78.14, and Firefox \u003c 92.\n\n * #40907: В системе отсутствует пакет libotr5, из-за чего переписка в чате thunderbird выглядит нечитаемо. Нет возможности выставить статус шифрования",
|
||||
"Description": "This update upgrades thunderbird to version 78.14.0-alt0.c9.1. \nSecurity Fix(es):\n\n * BDU:2021-04558: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-38492: When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 92, Thunderbird \u003c 91.1, Thunderbird \u003c 78.14, Firefox ESR \u003c 78.14, and Firefox ESR \u003c 91.1.\n\n * CVE-2021-38493: Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.14, Thunderbird \u003c 78.14, and Firefox \u003c 92.\n\n * #40907: В системе отсутствует пакет libotr5, из-за чего переписка в чате thunderbird выглядит нечитаемо. Нет возможности выставить статус шифрования",
|
||||
"Advisory": {
|
||||
"From": "errata.altlinux.org",
|
||||
"Severity": "High",
|
||||
|
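Review bot: in the thunderbird Description, item #40907 (the missing libotr5 package) sits under the "Security Fix(es):" heading next to the BDU and CVE entries, but it describes a packaging bug, not a vulnerability. Suggest listing it under a separate bug-fix heading so the security section contains only vulnerability identifiers.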
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
160
oval/c9f2/ALT-PU-2024-12519/definitions.json
Normal file
@ -0,0 +1,160 @@
|
||||
{
|
||||
"Definition": [
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:def:202412519",
|
||||
"Version": "oval:org.altlinux.errata:def:202412519",
|
||||
"Class": "patch",
|
||||
"Metadata": {
|
||||
"Title": "ALT-PU-2024-12519: package `git` update to version 2.42.2-alt1",
|
||||
"AffectedList": [
|
||||
{
|
||||
"Family": "unix",
|
||||
"Platforms": [
|
||||
"ALT Linux branch c9f2"
|
||||
],
|
||||
"Products": [
|
||||
"ALT SPWorkstation",
|
||||
"ALT SPServer"
|
||||
]
|
||||
}
|
||||
],
|
||||
"References": [
|
||||
{
|
||||
"RefID": "ALT-PU-2024-12519",
|
||||
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-12519",
|
||||
"Source": "ALTPU"
|
||||
},
|
||||
{
|
||||
"RefID": "BDU:2024-03872",
|
||||
"RefURL": "https://bdu.fstec.ru/vul/2024-03872",
|
||||
"Source": "BDU"
|
||||
},
|
||||
{
|
||||
"RefID": "CVE-2024-32002",
|
||||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-32002",
|
||||
"Source": "CVE"
|
||||
}
|
||||
],
|
||||
"Description": "This update upgrades git to version 2.42.2-alt1. \nSecurity Fix(es):\n\n * BDU:2024-03872: Уязвимость распределенной системы контроля версий Git, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2024-32002: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.",
|
||||
"Advisory": {
|
||||
"From": "errata.altlinux.org",
|
||||
"Severity": "Critical",
|
||||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||||
"Issued": {
|
||||
"Date": "2024-09-16"
|
||||
},
|
||||
"Updated": {
|
||||
"Date": "2024-09-16"
|
||||
},
|
||||
"BDUs": [
|
||||
{
|
||||
"ID": "BDU:2024-03872",
|
||||
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
|
||||
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
|
||||
"CWE": "CWE-22, CWE-434",
|
||||
"Href": "https://bdu.fstec.ru/vul/2024-03872",
|
||||
"Impact": "Critical",
|
||||
"Public": "20240514"
|
||||
}
|
||||
],
|
||||
"CVEs": [
|
||||
{
|
||||
"ID": "CVE-2024-32002",
|
||||
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
|
||||
"CWE": "CWE-59",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-32002",
|
||||
"Impact": "Critical",
|
||||
"Public": "20240514"
|
||||
}
|
||||
],
|
||||
"AffectedCPEs": {
|
||||
"CPEs": [
|
||||
"cpe:/o:alt:spworkstation:8.4",
|
||||
"cpe:/o:alt:spserver:8.4"
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"Criteria": {
|
||||
"Operator": "AND",
|
||||
"Criterions": [
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
||||
"Comment": "ALT Linux must be installed"
|
||||
}
|
||||
],
|
||||
"Criterias": [
|
||||
{
|
||||
"Operator": "OR",
|
||||
"Criterions": [
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519001",
|
||||
"Comment": "git is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519002",
|
||||
"Comment": "git-arch is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519003",
|
||||
"Comment": "git-contrib is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519004",
|
||||
"Comment": "git-core is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519005",
|
||||
"Comment": "git-cvs is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519006",
|
||||
"Comment": "git-diff-highlight is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519007",
|
||||
"Comment": "git-doc is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519008",
|
||||
"Comment": "git-email is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519009",
|
||||
"Comment": "git-full is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519010",
|
||||
"Comment": "git-gui is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519011",
|
||||
"Comment": "git-server is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519012",
|
||||
"Comment": "git-subtree is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519013",
|
||||
"Comment": "git-svn is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519014",
|
||||
"Comment": "gitk is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519015",
|
||||
"Comment": "gitweb is earlier than 0:2.42.2-alt1"
|
||||
},
|
||||
{
|
||||
"TestRef": "oval:org.altlinux.errata:tst:202412519016",
|
||||
"Comment": "perl-Git is earlier than 0:2.42.2-alt1"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
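Review bot: "Version" in the Definition repeats the ID string ("oval:org.altlinux.errata:def:202412519"), while every object, state and test added in this commit uses "Version": "1". An OVAL version is a non-negative integer, so this looks like a copy of the ID field; suggest "Version": "1" here, or whatever counter the generator uses. Smaller points in the same file: the BDU "CVSS3" vector lacks the "CVSS:3.x/" prefix that the CVE entry carries, and the criterion comment for tst:3001 reads "ALT Linux must be installed" whereas tests.json says "ALT Linux based on branch 'c9f2' must be installed".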
124
oval/c9f2/ALT-PU-2024-12519/objects.json
Normal file
@ -0,0 +1,124 @@
|
||||
{
|
||||
"TextFileContent54Objects": [
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:3001",
|
||||
"Version": "1",
|
||||
"Comment": "Evaluate `/etc/os-release` file content",
|
||||
"Path": {
|
||||
"Datatype": "string",
|
||||
"Text": "/etc"
|
||||
},
|
||||
"Filepath": {
|
||||
"Datatype": "string",
|
||||
"Text": "os-release"
|
||||
},
|
||||
"Pattern": {
|
||||
"Datatype": "string",
|
||||
"Operation": "pattern match",
|
||||
"Text": "cpe:\\/o:alt:sp(?:server|workstation):(\\d\\.\\d)"
|
||||
},
|
||||
"Instance": {
|
||||
"Datatype": "int",
|
||||
"Text": "1"
|
||||
}
|
||||
}
|
||||
],
|
||||
"RPMInfoObjects": [
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519001",
|
||||
"Version": "1",
|
||||
"Comment": "git is installed",
|
||||
"Name": "git"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519002",
|
||||
"Version": "1",
|
||||
"Comment": "git-arch is installed",
|
||||
"Name": "git-arch"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519003",
|
||||
"Version": "1",
|
||||
"Comment": "git-contrib is installed",
|
||||
"Name": "git-contrib"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519004",
|
||||
"Version": "1",
|
||||
"Comment": "git-core is installed",
|
||||
"Name": "git-core"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519005",
|
||||
"Version": "1",
|
||||
"Comment": "git-cvs is installed",
|
||||
"Name": "git-cvs"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519006",
|
||||
"Version": "1",
|
||||
"Comment": "git-diff-highlight is installed",
|
||||
"Name": "git-diff-highlight"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519007",
|
||||
"Version": "1",
|
||||
"Comment": "git-doc is installed",
|
||||
"Name": "git-doc"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519008",
|
||||
"Version": "1",
|
||||
"Comment": "git-email is installed",
|
||||
"Name": "git-email"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519009",
|
||||
"Version": "1",
|
||||
"Comment": "git-full is installed",
|
||||
"Name": "git-full"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519010",
|
||||
"Version": "1",
|
||||
"Comment": "git-gui is installed",
|
||||
"Name": "git-gui"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519011",
|
||||
"Version": "1",
|
||||
"Comment": "git-server is installed",
|
||||
"Name": "git-server"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519012",
|
||||
"Version": "1",
|
||||
"Comment": "git-subtree is installed",
|
||||
"Name": "git-subtree"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519013",
|
||||
"Version": "1",
|
||||
"Comment": "git-svn is installed",
|
||||
"Name": "git-svn"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519014",
|
||||
"Version": "1",
|
||||
"Comment": "gitk is installed",
|
||||
"Name": "gitk"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519015",
|
||||
"Version": "1",
|
||||
"Comment": "gitweb is installed",
|
||||
"Name": "gitweb"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412519016",
|
||||
"Version": "1",
|
||||
"Comment": "perl-Git is installed",
|
||||
"Name": "perl-Git"
|
||||
}
|
||||
]
|
||||
}
|
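Review bot: the os-release pattern in obj:3001 ends in "(\\d\\.\\d)", which accepts exactly one digit on each side of the dot, and it has no end anchor, so a CPE with a two-digit major version would not match at all and one with a two-digit minor would match on a prefix. AffectedCPEs in definitions.json lists only 8.4, so this works today; if other releases are expected, "(\\d+\\.\\d+)" plus an anchor or delimiter after the group would be safer.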
23
oval/c9f2/ALT-PU-2024-12519/states.json
Normal file
@ -0,0 +1,23 @@
|
||||
{
|
||||
"TextFileContent54State": [
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:ste:3001",
|
||||
"Version": "1",
|
||||
"Text": {}
|
||||
}
|
||||
],
|
||||
"RPMInfoStates": [
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:ste:202412519001",
|
||||
"Version": "1",
|
||||
"Comment": "package EVR is earlier than 0:2.42.2-alt1",
|
||||
"Arch": {},
|
||||
"EVR": {
|
||||
"Text": "0:2.42.2-alt1",
|
||||
"Datatype": "evr_string",
|
||||
"Operation": "less than"
|
||||
},
|
||||
"Subexpression": {}
|
||||
}
|
||||
]
|
||||
}
|
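Review bot: ste:3001 is declared with an empty "Text": {}, so the state places no constraint on what obj:3001 matches in /etc/os-release, and the version group captured by that pattern is never compared with anything. If the platform test is meant to pin the release (the definition lists 8.4), put the expected value in this state; if matching the pattern is sufficient, drop the state and its StateRef so the intent is explicit. The empty "Arch": {} and "Subexpression": {} members on ste:202412519001 raise the same question.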
210
oval/c9f2/ALT-PU-2024-12519/tests.json
Normal file
@ -0,0 +1,210 @@
|
||||
{
|
||||
"TextFileContent54Tests": [
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:3001",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "ALT Linux based on branch 'c9f2' must be installed",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:3001"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:3001"
|
||||
}
|
||||
}
|
||||
],
|
||||
"RPMInfoTests": [
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519001",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "git is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519001"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519002",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "git-arch is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519002"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519003",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "git-contrib is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519003"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519004",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "git-core is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519004"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519005",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "git-cvs is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519005"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519006",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "git-diff-highlight is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519006"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519007",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "git-doc is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519007"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519008",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "git-email is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519008"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519009",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "git-full is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519009"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519010",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "git-gui is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519010"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519011",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "git-server is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519011"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519012",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "git-subtree is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519012"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519013",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "git-svn is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519013"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519014",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "gitk is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519014"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519015",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "gitweb is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519015"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412519016",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "perl-Git is earlier than 0:2.42.2-alt1",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412519016"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412519001"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
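Review bot: every RPMInfoTest here sets "Check": "all" but none states an existence check, so the outcome for a host where, say, git-svn is not installed depends on the evaluator's default for OVAL's check_existence. Suggest setting it explicitly on the tests, since the parent criteria in definitions.json is an OR across all 16 packages and the result should not hinge on how a missing package is treated.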
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
371
oval/p10/ALT-PU-2024-12790/definitions.json
Normal file
File diff suppressed because one or more lines are too long
52
oval/p10/ALT-PU-2024-12790/objects.json
Normal file
@ -0,0 +1,52 @@
|
||||
{
|
||||
"TextFileContent54Objects": [
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:2001",
|
||||
"Version": "1",
|
||||
"Comment": "Evaluate `/etc/os-release` file content",
|
||||
"Path": {
|
||||
"Datatype": "string",
|
||||
"Text": "/etc"
|
||||
},
|
||||
"Filepath": {
|
||||
"Datatype": "string",
|
||||
"Text": "os-release"
|
||||
},
|
||||
"Pattern": {
|
||||
"Datatype": "string",
|
||||
"Operation": "pattern match",
|
||||
"Text": "cpe:\\/o:alt:(?!sp)[a-z\\-]+:p?(\\d+)(?:\\.\\d)*"
|
||||
},
|
||||
"Instance": {
|
||||
"Datatype": "int",
|
||||
"Text": "1"
|
||||
}
|
||||
}
|
||||
],
|
||||
"RPMInfoObjects": [
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412790001",
|
||||
"Version": "1",
|
||||
"Comment": "kernel-headers-modules-rt is installed",
|
||||
"Name": "kernel-headers-modules-rt"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412790002",
|
||||
"Version": "1",
|
||||
"Comment": "kernel-headers-rt is installed",
|
||||
"Name": "kernel-headers-rt"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412790003",
|
||||
"Version": "1",
|
||||
"Comment": "kernel-image-rt is installed",
|
||||
"Name": "kernel-image-rt"
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:obj:202412790004",
|
||||
"Version": "1",
|
||||
"Comment": "kernel-image-rt-checkinstall is installed",
|
||||
"Name": "kernel-image-rt-checkinstall"
|
||||
}
|
||||
]
|
||||
}
|
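Review bot: in obj:2001 the tail "(?:\\.\\d)*" can match zero times and the pattern has no end anchor, so it never changes whether the pattern matches; only "(\\d+)" after the optional "p" carries information. Nothing visible in this commit compares that captured major version with 10 (ste:2001 in states.json has an empty "Text": {}), while tests.json describes the check as "ALT Linux based on branch 'p10' must be installed". Suggest either matching the branch number literally in the pattern or checking the captured group in the state.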
23
oval/p10/ALT-PU-2024-12790/states.json
Normal file
@ -0,0 +1,23 @@
|
||||
{
|
||||
"TextFileContent54State": [
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:ste:2001",
|
||||
"Version": "1",
|
||||
"Text": {}
|
||||
}
|
||||
],
|
||||
"RPMInfoStates": [
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:ste:202412790001",
|
||||
"Version": "1",
|
||||
"Comment": "package EVR is earlier than 0:5.10.225-alt1.rt117",
|
||||
"Arch": {},
|
||||
"EVR": {
|
||||
"Text": "0:5.10.225-alt1.rt117",
|
||||
"Datatype": "evr_string",
|
||||
"Operation": "less than"
|
||||
},
|
||||
"Subexpression": {}
|
||||
}
|
||||
]
|
||||
}
|
66
oval/p10/ALT-PU-2024-12790/tests.json
Normal file
@ -0,0 +1,66 @@
|
||||
{
|
||||
"TextFileContent54Tests": [
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:2001",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "ALT Linux based on branch 'p10' must be installed",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:2001"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:2001"
|
||||
}
|
||||
}
|
||||
],
|
||||
"RPMInfoTests": [
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412790001",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "kernel-headers-modules-rt is earlier than 0:5.10.225-alt1.rt117",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412790001"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412790001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412790002",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "kernel-headers-rt is earlier than 0:5.10.225-alt1.rt117",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412790002"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412790001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412790003",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "kernel-image-rt is earlier than 0:5.10.225-alt1.rt117",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412790003"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412790001"
|
||||
}
|
||||
},
|
||||
{
|
||||
"ID": "oval:org.altlinux.errata:tst:202412790004",
|
||||
"Version": "1",
|
||||
"Check": "all",
|
||||
"Comment": "kernel-image-rt-checkinstall is earlier than 0:5.10.225-alt1.rt117",
|
||||
"Object": {
|
||||
"ObjectRef": "oval:org.altlinux.errata:obj:202412790004"
|
||||
},
|
||||
"State": {
|
||||
"StateRef": "oval:org.altlinux.errata:ste:202412790001"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
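Review bot: all four tests use "Check": "all" against the single state "less than 0:5.10.225-alt1.rt117". If more than one kernel-image-rt build can be installed side by side, "all" evaluates false as soon as one fixed build is present, even when an older build is still installed and bootable. Consider "at least one" for the kernel packages, or document that the definition only reports hosts with no fixed build installed.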
@ -45,7 +45,7 @@
|
||||
"Source": "CVE"
|
||||
}
|
||||
],
|
||||
"Description": "This update upgrades thunderbird to version 78.14.0-alt0.p9.1. \nSecurity Fix(es):\n\n * BDU:2021-04558: Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-38492: When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 92, Thunderbird \u003c 91.1, Thunderbird \u003c 78.14, Firefox ESR \u003c 78.14, and Firefox ESR \u003c 91.1.\n\n * CVE-2021-38493: Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.14, Thunderbird \u003c 78.14, and Firefox \u003c 92.\n\n * #40907: В системе отсутствует пакет libotr5, из-за чего переписка в чате thunderbird выглядит нечитаемо. Нет возможности выставить статус шифрования",
|
||||
"Description": "This update upgrades thunderbird to version 78.14.0-alt0.p9.1. \nSecurity Fix(es):\n\n * BDU:2021-04558: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-38492: When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 92, Thunderbird \u003c 91.1, Thunderbird \u003c 78.14, Firefox ESR \u003c 78.14, and Firefox ESR \u003c 91.1.\n\n * CVE-2021-38493: Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.14, Thunderbird \u003c 78.14, and Firefox \u003c 92.\n\n * #40907: В системе отсутствует пакет libotr5, из-за чего переписка в чате thunderbird выглядит нечитаемо. Нет возможности выставить статус шифрования",
|
||||
"Advisory": {
|
||||
"From": "errata.altlinux.org",
|
||||
"Severity": "High",
|
||||
|
@ -45,7 +45,7 @@
|
||||
"Source": "CVE"
|
||||
}
|
||||
],
|
||||
"Description": "This update upgrades firefox-esr to version 78.14.0-alt0.p9.1. \nSecurity Fix(es):\n\n * BDU:2021-04558: Уязвимость браузера Mozilla Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-38492: When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 92, Thunderbird \u003c 91.1, Thunderbird \u003c 78.14, Firefox ESR \u003c 78.14, and Firefox ESR \u003c 91.1.\n\n * CVE-2021-38493: Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.14, Thunderbird \u003c 78.14, and Firefox \u003c 92.",
|
||||
"Description": "This update upgrades firefox-esr to version 78.14.0-alt0.p9.1. \nSecurity Fix(es):\n\n * BDU:2021-04558: Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-38492: When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 92, Thunderbird \u003c 91.1, Thunderbird \u003c 78.14, Firefox ESR \u003c 78.14, and Firefox ESR \u003c 91.1.\n\n * CVE-2021-38493: Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.14, Thunderbird \u003c 78.14, and Firefox \u003c 92.",
|
||||
"Advisory": {
|
||||
"From": "errata.altlinux.org",
|
||||
"Severity": "High",
|
||||
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long