Support Oracle Linux Security Advisory (#18)

* Add oracle vulnsrc

* Refactoring

* Review fixed

* Fix tests
This commit is contained in:
Masahiro Fujimura 2019-11-13 23:38:30 +09:00 committed by Teppei Fukuda
parent bd6da033c2
commit afc3143fc1
27 changed files with 3126 additions and 1 deletions

View File

@ -17,6 +17,7 @@ import (
"github.com/aquasecurity/vuln-list-update/git" "github.com/aquasecurity/vuln-list-update/git"
"github.com/aquasecurity/vuln-list-update/nvd" "github.com/aquasecurity/vuln-list-update/nvd"
debianoval "github.com/aquasecurity/vuln-list-update/oval/debian" debianoval "github.com/aquasecurity/vuln-list-update/oval/debian"
oracleoval "github.com/aquasecurity/vuln-list-update/oval/oracle"
redhatoval "github.com/aquasecurity/vuln-list-update/oval/redhat" redhatoval "github.com/aquasecurity/vuln-list-update/oval/redhat"
"github.com/aquasecurity/vuln-list-update/redhat" "github.com/aquasecurity/vuln-list-update/redhat"
"github.com/aquasecurity/vuln-list-update/ubuntu" "github.com/aquasecurity/vuln-list-update/ubuntu"
@ -32,7 +33,7 @@ const (
) )
var ( var (
target = flag.String("target", "", "update target (nvd, alpine, redhat, debian, ubuntu)") target = flag.String("target", "", "update target (nvd, alpine, redhat, redhat-oval, debian, debian-oval, ubuntu, amazon, oracle-oval)")
years = flag.String("years", "", "update years (only redhat)") years = flag.String("years", "", "update years (only redhat)")
) )
@ -125,6 +126,12 @@ func run() error {
return xerrors.Errorf("error in Amazon update: %w", err) return xerrors.Errorf("error in Amazon update: %w", err)
} }
commitMsg = "Amazon Linux Security Center" commitMsg = "Amazon Linux Security Center"
case "oracle-oval":
oc := oracleoval.NewConfig()
if err := oc.Update(); err != nil {
return xerrors.Errorf("error in Oracle Linux OVAL update: %w", err)
}
commitMsg = "Oracle Linux OVAL"
default: default:
return xerrors.New("unknown target") return xerrors.New("unknown target")
} }

102
oval/oracle/oracle.go Normal file
View File

@ -0,0 +1,102 @@
package oracle
import (
"bytes"
"compress/bzip2"
"encoding/xml"
"fmt"
"log"
"os"
"path/filepath"
"strings"
"github.com/aquasecurity/vuln-list-update/utils"
"github.com/spf13/afero"
"golang.org/x/xerrors"
pb "gopkg.in/cheggaaa/pb.v1"
)
var (
ErrInvalidELSAID = xerrors.New("invalid ELSA ID")
)
const (
ovalDir = "oval"
oracleDir = "oracle"
ovalURL = "https://linux.oracle.com/security/oval/com.oracle.elsa-all.xml.bz2"
retry = 5
)
type Config struct {
VulnListDir string
URL string
AppFs afero.Fs
Retry int
}
func NewConfig() Config {
return Config{
VulnListDir: utils.VulnListDir(),
URL: ovalURL,
AppFs: afero.NewOsFs(),
Retry: retry,
}
}
func (c Config) Update() error {
log.Printf("Fetching Oracle")
res, err := utils.FetchURL(c.URL, "", c.Retry)
if err != nil {
return xerrors.Errorf("failed to fetch Oracle Linux OVAL: %w", err)
}
var ov Oval
ovalReader := bzip2.NewReader(bytes.NewReader(res))
err = xml.NewDecoder(ovalReader).Decode(&ov)
if err != nil {
return xerrors.Errorf("failed to decode Oracle Linux OVAL XML: %w", err)
}
dir := filepath.Join(ovalDir, oracleDir)
bar := pb.StartNew(len(ov.Definitions))
for _, def := range ov.Definitions {
def.Title = strings.TrimSpace(def.Title)
def.Description = strings.TrimSpace(def.Description)
//def.Title example: "\nELSA-2019-4827: docker-engine docker-cli security update (IMPORTANT)"
elsaID := strings.TrimSpace(strings.Split(def.Title, ":")[0])
if err = c.saveELSAPerYear(dir, elsaID, def); err != nil {
if err == ErrInvalidELSAID {
log.Printf("Invalid ELSA ID: %s\n", elsaID)
continue
}
return xerrors.Errorf("failed to save ELSAPerYear: %w", err)
}
bar.Increment()
}
bar.Finish()
return nil
}
func (c Config) saveELSAPerYear(dirName string, elsaID string, data interface{}) error {
s := strings.Split(elsaID, "-")
if len(s) < 3 {
return ErrInvalidELSAID
}
yearDir := filepath.Join(c.VulnListDir, dirName, s[1])
if err := c.AppFs.MkdirAll(yearDir, os.ModePerm); err != nil {
return xerrors.Errorf("failed to create directory: %w", err)
}
filePath := filepath.Join(yearDir, fmt.Sprintf("%s.json", elsaID))
fs := utils.NewFs(c.AppFs)
if err := fs.WriteJSON(filePath, data); err != nil {
return xerrors.Errorf("failed to write file: %w", err)
}
return nil
}

178
oval/oracle/oracle_test.go Normal file
View File

@ -0,0 +1,178 @@
package oracle_test
import (
"flag"
"io/ioutil"
"net/http"
"net/http/httptest"
"os"
"testing"
"github.com/aquasecurity/vuln-list-update/oval/oracle"
"github.com/stretchr/testify/assert"
"github.com/spf13/afero"
)
var update = flag.Bool("update", false, "update golden files")
func TestConfig_Update(t *testing.T) {
testCases := []struct {
name string
appFs afero.Fs
bzip2FileNames map[string]string
goldenFiles map[string]string
expectedErrorMsg string
}{
{
name: "positive test",
appFs: afero.NewMemMapFs(),
bzip2FileNames: map[string]string{
"/oval/com.oracle.elsa-all.xml.bz2": "testdata/all-positive-data.xml.bz2",
},
goldenFiles: map[string]string{
"/tmp/oval/oracle/2007/ELSA-2007-0057.json": "testdata/golden/ELSA-2007-0057.json",
"/tmp/oval/oracle/2008/ELSA-2008-0110.json": "testdata/golden/ELSA-2008-0110.json",
"/tmp/oval/oracle/2009/ELSA-2009-1203.json": "testdata/golden/ELSA-2009-1203.json",
"/tmp/oval/oracle/2010/ELSA-2010-0809.json": "testdata/golden/ELSA-2010-0809.json",
"/tmp/oval/oracle/2011/ELSA-2011-1268.json": "testdata/golden/ELSA-2011-1268.json",
"/tmp/oval/oracle/2012/ELSA-2012-1261.json": "testdata/golden/ELSA-2012-1261.json",
"/tmp/oval/oracle/2013/ELSA-2013-1732.json": "testdata/golden/ELSA-2013-1732.json",
"/tmp/oval/oracle/2014/ELSA-2014-2010.json": "testdata/golden/ELSA-2014-2010.json",
"/tmp/oval/oracle/2015/ELSA-2015-2561.json": "testdata/golden/ELSA-2015-2561.json",
"/tmp/oval/oracle/2016/ELSA-2016-3646.json": "testdata/golden/ELSA-2016-3646.json",
"/tmp/oval/oracle/2017/ELSA-2017-3516.json": "testdata/golden/ELSA-2017-3516.json",
"/tmp/oval/oracle/2018/ELSA-2018-3410.json": "testdata/golden/ELSA-2018-3410.json",
"/tmp/oval/oracle/2019/ELSA-2019-4820.json": "testdata/golden/ELSA-2019-4820.json",
"/tmp/oval/oracle/2019/ELSA-2019-4821.json": "testdata/golden/ELSA-2019-4821.json",
},
},
{
name: "positive test file format ELSA-XXXX-XXXX-X",
appFs: afero.NewMemMapFs(),
bzip2FileNames: map[string]string{
"/oval/com.oracle.elsa-all.xml.bz2": "testdata/elsa-2018-1196-1.xml.bz2",
},
goldenFiles: map[string]string{
"/tmp/oval/oracle/2018/ELSA-2018-1196-1.json": "testdata/golden/ELSA-2018-1196-1.json",
},
expectedErrorMsg: "",
},
{
name: "invalid filesystem write read only path",
appFs: afero.NewReadOnlyFs(afero.NewOsFs()),
bzip2FileNames: map[string]string{
"/oval/com.oracle.elsa-all.xml.bz2": "testdata/all-positive-data.xml.bz2",
},
goldenFiles: map[string]string{},
expectedErrorMsg: "failed to save ELSAPerYear: failed to create directory: operation not permitted",
},
{
name: "invalid title format",
appFs: afero.NewMemMapFs(),
bzip2FileNames: map[string]string{
"/oval/com.oracle.elsa-all.xml.bz2": "testdata/invalid-title-format.xml.bz2",
},
goldenFiles: map[string]string{
"/tmp/oval/oracle/2007/ELSA-2007-0057.json": "testdata/golden/ELSA-2007-0057.json",
},
},
{
name: "404",
appFs: afero.NewMemMapFs(),
bzip2FileNames: map[string]string{},
goldenFiles: map[string]string{},
expectedErrorMsg: "failed to fetch Oracle Linux OVAL: failed to fetch URL: HTTP error. status code: 404, url:",
},
{
name: "invalid file format",
appFs: afero.NewMemMapFs(),
bzip2FileNames: map[string]string{
"/oval/com.oracle.elsa-all.xml.bz2": "testdata/invalid.txt",
},
goldenFiles: map[string]string{},
expectedErrorMsg: "failed to decode Oracle Linux OVAL XML: bzip2 data invalid: bad magic value",
},
{
name: "empty file format",
appFs: afero.NewMemMapFs(),
bzip2FileNames: map[string]string{
"/oval/com.oracle.elsa-all.xml.bz2": "testdata/EOF.txt",
},
goldenFiles: map[string]string{},
expectedErrorMsg: "failed to decode Oracle Linux OVAL XML: unexpected EOF",
},
{
name: "broken XML",
appFs: afero.NewMemMapFs(),
bzip2FileNames: map[string]string{
"/oval/com.oracle.elsa-all.xml.bz2": "testdata/broken-oval-data.xml.bz2",
},
goldenFiles: map[string]string{},
expectedErrorMsg: "failed to decode Oracle Linux OVAL XML: XML syntax error on line 536: element <criteria> closed by </affected>",
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
filePath, ok := tc.bzip2FileNames[r.URL.Path]
if !ok {
http.NotFound(w, r)
return
}
b, err := ioutil.ReadFile(filePath)
assert.NoError(t, err, tc.name)
_, err = w.Write(b)
assert.NoError(t, err, tc.name)
}))
defer ts.Close()
url := ts.URL + "/oval/com.oracle.elsa-all.xml.bz2"
c := oracle.Config{
VulnListDir: "/tmp",
URL: url,
AppFs: tc.appFs,
Retry: 0,
}
err := c.Update()
switch {
case tc.expectedErrorMsg != "":
assert.Contains(t, err.Error(), tc.expectedErrorMsg, tc.name)
return
default:
assert.NoError(t, err, tc.name)
}
fileCount := 0
err = afero.Walk(c.AppFs, "/", func(path string, info os.FileInfo, err error) error {
if err != nil {
return err
}
if info.IsDir() {
return nil
}
fileCount += 1
actual, err := afero.ReadFile(c.AppFs, path)
assert.NoError(t, err, tc.name)
goldenPath, ok := tc.goldenFiles[path]
assert.True(t, ok, tc.name)
if *update {
err = ioutil.WriteFile(goldenPath, actual, 0666)
assert.NoError(t, err, tc.name)
}
expected, err := ioutil.ReadFile(goldenPath)
assert.NoError(t, err, tc.name)
assert.Equal(t, expected, actual, tc.name)
return nil
})
assert.Equal(t, len(tc.goldenFiles), fileCount, tc.name)
assert.NoError(t, err, tc.name)
})
}
}

201
oval/oracle/testdata/ELSA-2007-0057.xml vendored Normal file
View File

@ -0,0 +1,201 @@
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:red-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
<generator>
<oval:product_name>Oracle Errata System</oval:product_name>
<oval:product_version>Oracle Linux</oval:product_version>
<oval:schema_version>5.3</oval:schema_version>
<oval:timestamp>2007-06-26T00:00:00</oval:timestamp>
</generator>
<definitions>
<definition id="oval:com.oracle.elsa:def:20070057" version="501" class="patch">
<metadata>
<title>
ELSA-2007-0057: Moderate: bind security update (MODERATE)
</title>
<affected family="unix">
<platform>Oracle Linux 5</platform>
</affected>
<reference source="elsa" ref_id="ELSA-2007-0057" ref_url="http://linux.oracle.com/errata/ELSA-2007-0057.html"/>
<reference source="CVE" ref_id="CVE-2007-0493" ref_url="http://linux.oracle.com/cve/CVE-2007-0493.html"/>
<reference source="CVE" ref_id="CVE-2007-0494" ref_url="http://linux.oracle.com/cve/CVE-2007-0494.html"/>
<description>
[30:9.3.3-8]
- added fix for #224445 - CVE-2007-0493 BIND might crash after
attempting to read free()-ed memory
- added fix for #225229 - CVE-2007-0494 BIND dnssec denial of service
- Resolves: rhbz#224445
- Resolves: rhbz#225229
</description>
<!--
~~~~~~~~~~~~~~~~~~~~ advisory details ~~~~~~~~~~~~~~~~~~~
-->
<advisory>
<severity>MODERATE</severity>
<rights>Copyright 2007 Oracle, Inc.</rights>
<issued date="2007-06-26"/>
<cve href="http://linux.oracle.com/cve/CVE-2007-0493.html">CVE-2007-0493</cve>
<cve href="http://linux.oracle.com/cve/CVE-2007-0494.html">CVE-2007-0494</cve>
</advisory>
</metadata>
<criteria operator="AND">
<criterion test_ref="oval:com.oracle.elsa:tst:20070057001" comment="Oracle Linux 5 is installed"/>
<criteria operator="OR">
<criteria operator="AND">
<criterion test_ref="oval:com.oracle.elsa:tst:20070057002" comment="bind-devel is earlier than 30:9.3.3-8.el5"/>
<criterion test_ref="oval:com.oracle.elsa:tst:20070057003" comment="bind-devel is signed with the Oracle Linux 5 key"/>
</criteria>
<criteria operator="AND">
<criterion test_ref="oval:com.oracle.elsa:tst:20070057004" comment="bind-sdb is earlier than 30:9.3.3-8.el5"/>
<criterion test_ref="oval:com.oracle.elsa:tst:20070057005" comment="bind-sdb is signed with the Oracle Linux 5 key"/>
</criteria>
<criteria operator="AND">
<criterion test_ref="oval:com.oracle.elsa:tst:20070057006" comment="bind-libs is earlier than 30:9.3.3-8.el5"/>
<criterion test_ref="oval:com.oracle.elsa:tst:20070057007" comment="bind-libs is signed with the Oracle Linux 5 key"/>
</criteria>
<criteria operator="AND">
<criterion test_ref="oval:com.oracle.elsa:tst:20070057008" comment="bind-libbind-devel is earlier than 30:9.3.3-8.el5"/>
<criterion test_ref="oval:com.oracle.elsa:tst:20070057009" comment="bind-libbind-devel is signed with the Oracle Linux 5 key"/>
</criteria>
<criteria operator="AND">
<criterion test_ref="oval:com.oracle.elsa:tst:20070057010" comment="bind-utils is earlier than 30:9.3.3-8.el5"/>
<criterion test_ref="oval:com.oracle.elsa:tst:20070057011" comment="bind-utils is signed with the Oracle Linux 5 key"/>
</criteria>
<criteria operator="AND">
<criterion test_ref="oval:com.oracle.elsa:tst:20070057012" comment="bind-chroot is earlier than 30:9.3.3-8.el5"/>
<criterion test_ref="oval:com.oracle.elsa:tst:20070057013" comment="bind-chroot is signed with the Oracle Linux 5 key"/>
</criteria>
<criteria operator="AND">
<criterion test_ref="oval:com.oracle.elsa:tst:20070057014" comment="bind is earlier than 30:9.3.3-8.el5"/>
<criterion test_ref="oval:com.oracle.elsa:tst:20070057015" comment="bind is signed with the Oracle Linux 5 key"/>
</criteria>
<criteria operator="AND">
<criterion test_ref="oval:com.oracle.elsa:tst:20070057016" comment="caching-nameserver is earlier than 30:9.3.3-8.el5"/>
<criterion test_ref="oval:com.oracle.elsa:tst:20070057017" comment="caching-nameserver is signed with the Oracle Linux 5 key"/>
</criteria>
</criteria>
</criteria>
</definition>
</definitions>
<!--
~~~~~~~~~~~~~~~~~~~~~ rpminfo tests ~~~~~~~~~~~~~~~~~~~~~
-->
<tests>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057001" version="501" comment="Oracle Linux 5 is installed" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057001" />
<state state_ref="oval:com.oracle.elsa:ste:20070057002" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057002" version="501" comment="bind-devel is earlier than 30:9.3.3-8.el5" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057004" />
<state state_ref="oval:com.oracle.elsa:ste:20070057003" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057003" version="501" comment="bind-devel is signed with the Oracle Linux 5 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057004" />
<state state_ref="oval:com.oracle.elsa:ste:20070057001" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057004" version="501" comment="bind-sdb is earlier than 30:9.3.3-8.el5" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057005" />
<state state_ref="oval:com.oracle.elsa:ste:20070057003" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057005" version="501" comment="bind-sdb is signed with the Oracle Linux 5 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057005" />
<state state_ref="oval:com.oracle.elsa:ste:20070057001" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057006" version="501" comment="bind-libs is earlier than 30:9.3.3-8.el5" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057002" />
<state state_ref="oval:com.oracle.elsa:ste:20070057003" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057007" version="501" comment="bind-libs is signed with the Oracle Linux 5 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057002" />
<state state_ref="oval:com.oracle.elsa:ste:20070057001" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057008" version="501" comment="bind-libbind-devel is earlier than 30:9.3.3-8.el5" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057006" />
<state state_ref="oval:com.oracle.elsa:ste:20070057003" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057009" version="501" comment="bind-libbind-devel is signed with the Oracle Linux 5 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057006" />
<state state_ref="oval:com.oracle.elsa:ste:20070057001" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057010" version="501" comment="bind-utils is earlier than 30:9.3.3-8.el5" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057003" />
<state state_ref="oval:com.oracle.elsa:ste:20070057003" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057011" version="501" comment="bind-utils is signed with the Oracle Linux 5 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057003" />
<state state_ref="oval:com.oracle.elsa:ste:20070057001" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057012" version="501" comment="bind-chroot is earlier than 30:9.3.3-8.el5" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057007" />
<state state_ref="oval:com.oracle.elsa:ste:20070057003" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057013" version="501" comment="bind-chroot is signed with the Oracle Linux 5 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057007" />
<state state_ref="oval:com.oracle.elsa:ste:20070057001" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057014" version="501" comment="bind is earlier than 30:9.3.3-8.el5" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057008" />
<state state_ref="oval:com.oracle.elsa:ste:20070057003" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057015" version="501" comment="bind is signed with the Oracle Linux 5 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057008" />
<state state_ref="oval:com.oracle.elsa:ste:20070057001" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057016" version="501" comment="caching-nameserver is earlier than 30:9.3.3-8.el5" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057009" />
<state state_ref="oval:com.oracle.elsa:ste:20070057003" />
</rpminfo_test>
<rpminfo_test id="oval:com.oracle.elsa:tst:20070057017" version="501" comment="caching-nameserver is signed with the Oracle Linux 5 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.oracle.elsa:obj:20070057009" />
<state state_ref="oval:com.oracle.elsa:ste:20070057001" />
</rpminfo_test>
</tests>
<!--
~~~~~~~~~~~~~~~~~~~~ rpminfo objects ~~~~~~~~~~~~~~~~~~~~
-->
<objects>
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20070057005" version="501">
<name>bind-sdb</name>
</rpminfo_object>
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20070057007" version="501">
<name>bind-chroot</name>
</rpminfo_object>
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20070057004" version="501">
<name>bind-devel</name>
</rpminfo_object>
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20070057002" version="501">
<name>bind-libs</name>
</rpminfo_object>
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20070057008" version="501">
<name>bind</name>
</rpminfo_object>
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20070057001" version="501">
<name>oraclelinux-release</name>
</rpminfo_object>
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20070057009" version="501">
<name>caching-nameserver</name>
</rpminfo_object>
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20070057003" version="501">
<name>bind-utils</name>
</rpminfo_object>
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20070057006" version="501">
<name>bind-libbind-devel</name>
</rpminfo_object>
</objects>
<states>
<!--
~~~~~~~~~~~~~~~~~~~~ rpminfo states ~~~~~~~~~~~~~~~~~~~~~
-->
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20070057001" version="501"><signature_keyid operation="equals">66ced3de1e5e0159</signature_keyid>
</rpminfo_state>
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20070057002" version="501"><version operation="pattern match">^5</version>
</rpminfo_state>
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20070057003" version="501"><evr datatype="evr_string" operation="less than">30:9.3.3-8.el5</evr>
</rpminfo_state>
</states>
</oval_definitions>

0
oval/oracle/testdata/EOF.txt vendored Normal file
View File

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,149 @@
{
"Title": "ELSA-2007-0057: Moderate: bind security update (MODERATE)",
"Description": "[30:9.3.3-8]\n - added fix for #224445 - CVE-2007-0493 BIND might crash after\n attempting to read free()-ed memory\n - added fix for #225229 - CVE-2007-0494 BIND dnssec denial of service\n - Resolves: rhbz#224445\n - Resolves: rhbz#225229",
"Platform": [
"Oracle Linux 5"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2007-0057.html",
"ID": "ELSA-2007-0057"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2007-0493.html",
"ID": "CVE-2007-0493"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2007-0494.html",
"ID": "CVE-2007-0494"
}
],
"Criteria": {
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "bind-devel is earlier than 30:9.3.3-8.el5"
},
{
"Comment": "bind-devel is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "bind-sdb is earlier than 30:9.3.3-8.el5"
},
{
"Comment": "bind-sdb is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "bind-libs is earlier than 30:9.3.3-8.el5"
},
{
"Comment": "bind-libs is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "bind-libbind-devel is earlier than 30:9.3.3-8.el5"
},
{
"Comment": "bind-libbind-devel is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "bind-utils is earlier than 30:9.3.3-8.el5"
},
{
"Comment": "bind-utils is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "bind-chroot is earlier than 30:9.3.3-8.el5"
},
{
"Comment": "bind-chroot is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "bind is earlier than 30:9.3.3-8.el5"
},
{
"Comment": "bind is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "caching-nameserver is earlier than 30:9.3.3-8.el5"
},
{
"Comment": "caching-nameserver is signed with the Oracle Linux 5 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 5 is installed"
}
]
},
"Severity": "MODERATE",
"Cves": [
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2007-0493.html",
"ID": "CVE-2007-0493"
},
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2007-0494.html",
"ID": "CVE-2007-0494"
}
]
}

View File

@ -0,0 +1,125 @@
{
"Title": "ELSA-2008-0110: Moderate: openldap security update (MODERATE)",
"Description": "[2.3.27-8.3]\n - better fix for CVE-2007-6698 (#431407), now it fixes also\n modrdn operations\n\n [2.3.27-8.2]\n - fix CVE-2007-6698 (#431407)",
"Platform": [
"Oracle Linux 5"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2008-0110.html",
"ID": "ELSA-2008-0110"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2007-6698.html",
"ID": "CVE-2007-6698"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2008-0658.html",
"ID": "CVE-2008-0658"
}
],
"Criteria": {
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "openldap-servers-sql is earlier than 0:2.3.27-8.el5_1.3"
},
{
"Comment": "openldap-servers-sql is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "openldap is earlier than 0:2.3.27-8.el5_1.3"
},
{
"Comment": "openldap is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "openldap-clients is earlier than 0:2.3.27-8.el5_1.3"
},
{
"Comment": "openldap-clients is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "openldap-devel is earlier than 0:2.3.27-8.el5_1.3"
},
{
"Comment": "openldap-devel is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "compat-openldap is earlier than 0:2.3.27_2.2.29-8.el5_1.3"
},
{
"Comment": "compat-openldap is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "openldap-servers is earlier than 0:2.3.27-8.el5_1.3"
},
{
"Comment": "openldap-servers is signed with the Oracle Linux 5 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 5 is installed"
}
]
},
"Severity": "MODERATE",
"Cves": [
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2007-6698.html",
"ID": "CVE-2007-6698"
},
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2008-0658.html",
"ID": "CVE-2008-0658"
}
]
}

View File

@ -0,0 +1,115 @@
{
"Title": "ELSA-2009-1203: subversion security update (IMPORTANT)",
"Description": "[1.4.2-4.0.1.el5_3.1]\n- Add oracle-enterprise.patch\n\n[1.4.2-4.el5_3.1]\n- add security fix for CVE-2009-2411 (#515817)",
"Platform": [
"Oracle Linux 5"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2009-1203.html",
"ID": "ELSA-2009-1203"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2009-2411.html",
"ID": "CVE-2009-2411"
}
],
"Criteria": {
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "subversion is earlier than 0:1.4.2-4.0.1.el5_3.1"
},
{
"Comment": "subversion is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "subversion-devel is earlier than 0:1.4.2-4.0.1.el5_3.1"
},
{
"Comment": "subversion-devel is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "subversion-ruby is earlier than 0:1.4.2-4.0.1.el5_3.1"
},
{
"Comment": "subversion-ruby is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "subversion-javahl is earlier than 0:1.4.2-4.0.1.el5_3.1"
},
{
"Comment": "subversion-javahl is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "mod_dav_svn is earlier than 0:1.4.2-4.0.1.el5_3.1"
},
{
"Comment": "mod_dav_svn is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "subversion-perl is earlier than 0:1.4.2-4.0.1.el5_3.1"
},
{
"Comment": "subversion-perl is signed with the Oracle Linux 5 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 5 is installed"
}
]
},
"Severity": "IMPORTANT",
"Cves": [
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2009-2411.html",
"ID": "CVE-2009-2411"
}
]
}

View File

@ -0,0 +1,67 @@
{
"Title": "ELSA-2010-0809: xulrunner security update (CRITICAL)",
"Description": "[1.9.2.11-4.0.1.el5_5]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one.\n\n[1.9.2.11-4.el5_5]\n- Add upstream patch for CVE-2010-3765",
"Platform": [
"Oracle Linux 5"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2010-0809.html",
"ID": "ELSA-2010-0809"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2010-3765.html",
"ID": "CVE-2010-3765"
}
],
"Criteria": {
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xulrunner is earlier than 0:1.9.2.11-4.0.1.el5_5"
},
{
"Comment": "xulrunner is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xulrunner-devel is earlier than 0:1.9.2.11-4.0.1.el5_5"
},
{
"Comment": "xulrunner-devel is signed with the Oracle Linux 5 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 5 is installed"
}
]
},
"Severity": "CRITICAL",
"Cves": [
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2010-3765.html",
"ID": "CVE-2010-3765"
}
]
}

View File

@ -0,0 +1,127 @@
{
"Title": "ELSA-2011-1268: firefox security update (IMPORTANT)",
"Description": "firefox:\n\n[3.6.22-1.0.1.el6_1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones\n\n[3.6.22-1]\n- Update to 3.6.22\n\nxulrunner:\n\n[1.9.2.22-1.0.1.el6_1]\n- Replace xulrunner-redhat-default-prefs.js with\n xulrunner-oracle-default-prefs.js\n\n[- 1.9.2.22-1]\n- Update to 1.9.2.22",
"Platform": [
"Oracle Linux 5",
"Oracle Linux 6"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2011-1268.html",
"ID": "ELSA-2011-1268"
}
],
"Criteria": {
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xulrunner is earlier than 0:1.9.2.22-1.0.1.el5_7"
},
{
"Comment": "xulrunner is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "firefox is earlier than 0:3.6.22-1.0.1.el5_7"
},
{
"Comment": "firefox is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xulrunner-devel is earlier than 0:1.9.2.22-1.0.1.el5_7"
},
{
"Comment": "xulrunner-devel is signed with the Oracle Linux 5 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 5 is installed"
}
]
},
{
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xulrunner is earlier than 0:1.9.2.22-1.0.1.el6_1"
},
{
"Comment": "xulrunner is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "firefox is earlier than 0:3.6.22-1.0.1.el6_1"
},
{
"Comment": "firefox is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xulrunner-devel is earlier than 0:1.9.2.22-1.0.1.el6_1"
},
{
"Comment": "xulrunner-devel is signed with the Oracle Linux 6 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 6 is installed"
}
]
}
],
"Criterions": null
},
"Severity": "IMPORTANT",
"Cves": null
}

View File

@ -0,0 +1,103 @@
{
"Title": "ELSA-2012-1261: dbus security update (MODERATE)",
"Description": "[1:1.2.24-7.0.1.el6_3 ]\n- fix netlink poll: error 4 (Zhenzhong Duan)\n\n[1:1.2.24-7]\n- Resolves: #854821\n\n[1:1.2.24-6]\n- Apply patches for CVE-2011-2200\n- Resolves: #725314",
"Platform": [
"Oracle Linux 6"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2012-1261.html",
"ID": "ELSA-2012-1261"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2012-3524.html",
"ID": "CVE-2012-3524"
}
],
"Criteria": {
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "dbus is earlier than 1:1.2.24-7.0.1.el6_3"
},
{
"Comment": "dbus is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "dbus-devel is earlier than 1:1.2.24-7.0.1.el6_3"
},
{
"Comment": "dbus-devel is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "dbus-doc is earlier than 1:1.2.24-7.0.1.el6_3"
},
{
"Comment": "dbus-doc is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "dbus-x11 is earlier than 1:1.2.24-7.0.1.el6_3"
},
{
"Comment": "dbus-x11 is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "dbus-libs is earlier than 1:1.2.24-7.0.1.el6_3"
},
{
"Comment": "dbus-libs is signed with the Oracle Linux 6 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 6 is installed"
}
]
},
"Severity": "MODERATE",
"Cves": [
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2012-3524.html",
"ID": "CVE-2012-3524"
}
]
}

View File

@ -0,0 +1,67 @@
{
"Title": "ELSA-2013-1732: busybox security and bug fix update (LOW)",
"Description": "[1:1.15.1-20]\n- Resolves: #855832\n 'Installation from NFS: That directory could not be mounted from the server'\n by switching NFS mount default from UDP to TCP.\n There was another place (in uclibc this time) which used UDP.\n\n[1:1.15.1-19]\n- Resolves: #1015010\n 'busybox: insecure directory permissions in /dev'\n\n[1:1.15.1-18]\n- Resolves: #855832\n 'Installation from NFS: That directory could not be mounted from the server'\n by switching NFS mount default from UDP to TCP.\n\n[1:1.15.1-17]\n- Resolves: #820097\n- 's390x: wc: : No such file or directory'",
"Platform": [
"Oracle Linux 6"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2013-1732.html",
"ID": "ELSA-2013-1732"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2013-1813.html",
"ID": "CVE-2013-1813"
}
],
"Criteria": {
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "busybox is earlier than 1:1.15.1-20.el6"
},
{
"Comment": "busybox is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "busybox-petitboot is earlier than 1:1.15.1-20.el6"
},
{
"Comment": "busybox-petitboot is signed with the Oracle Linux 6 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 6 is installed"
}
]
},
"Severity": "LOW",
"Cves": [
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2013-1813.html",
"ID": "CVE-2013-1813"
}
]
}

View File

@ -0,0 +1,187 @@
{
"Title": "ELSA-2014-2010: kernel security update (IMPORTANT)",
"Description": "[3.10.0-123.13.2]\n- Oracle Linux certificates (Alexey Petrenko)\n\n[3.10.0-123.13.2]\n- [x86] traps: stop using IST for #SS (Petr Matousek) [1172812 1172813] {CVE-2014-9322}",
"Platform": [
"Oracle Linux 7"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2014-2010.html",
"ID": "ELSA-2014-2010"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2014-9322.html",
"ID": "CVE-2014-9322"
}
],
"Criteria": {
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "python-perf is earlier than 0:3.10.0-123.13.2.el7"
},
{
"Comment": "python-perf is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-doc is earlier than 0:3.10.0-123.13.2.el7"
},
{
"Comment": "kernel-doc is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-tools-libs-devel is earlier than 0:3.10.0-123.13.2.el7"
},
{
"Comment": "kernel-tools-libs-devel is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel is earlier than 0:3.10.0-123.13.2.el7"
},
{
"Comment": "kernel is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-devel is earlier than 0:3.10.0-123.13.2.el7"
},
{
"Comment": "kernel-devel is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-debug-devel is earlier than 0:3.10.0-123.13.2.el7"
},
{
"Comment": "kernel-debug-devel is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-debug is earlier than 0:3.10.0-123.13.2.el7"
},
{
"Comment": "kernel-debug is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-tools-libs is earlier than 0:3.10.0-123.13.2.el7"
},
{
"Comment": "kernel-tools-libs is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-tools is earlier than 0:3.10.0-123.13.2.el7"
},
{
"Comment": "kernel-tools is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "perf is earlier than 0:3.10.0-123.13.2.el7"
},
{
"Comment": "perf is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-headers is earlier than 0:3.10.0-123.13.2.el7"
},
{
"Comment": "kernel-headers is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-abi-whitelists is earlier than 0:3.10.0-123.13.2.el7"
},
{
"Comment": "kernel-abi-whitelists is signed with the Oracle Linux 7 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 7 is installed"
}
]
},
"Severity": "IMPORTANT",
"Cves": [
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2014-9322.html",
"ID": "CVE-2014-9322"
}
]
}

View File

@ -0,0 +1,235 @@
{
"Title": "ELSA-2015-2561: git security update (MODERATE)",
"Description": "[1.8.3.1-6]\n- fix arbitrary code execution via crafted URLs\n Resolves: #1274737",
"Platform": [
"Oracle Linux 7"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2015-2561.html",
"ID": "ELSA-2015-2561"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2015-7545.html",
"ID": "CVE-2015-7545"
}
],
"Criteria": {
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "perl-Git is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "perl-Git is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "git is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "git is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "git-gui is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "git-gui is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "git-daemon is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "git-daemon is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "git-cvs is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "git-cvs is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "git-email is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "git-email is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "gitk is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "gitk is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "git-svn is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "git-svn is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "git-p4 is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "git-p4 is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "git-bzr is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "git-bzr is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "emacs-git is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "emacs-git is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "perl-Git-SVN is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "perl-Git-SVN is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "git-all is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "git-all is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "emacs-git-el is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "emacs-git-el is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "gitweb is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "gitweb is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "git-hg is earlier than 0:1.8.3.1-6.el7"
},
{
"Comment": "git-hg is signed with the Oracle Linux 7 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 7 is installed"
}
]
},
"Severity": "MODERATE",
"Cves": [
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2015-7545.html",
"ID": "CVE-2015-7545"
}
]
}

View File

@ -0,0 +1,270 @@
{
"Title": "ELSA-2016-3646: Unbreakable Enterprise kernel security update (IMPORTANT)",
"Description": "[2.6.39-400.290.2]\n- aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060055] {CVE-2016-6480} {CVE-2016-6480}\n- audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [Orabug: 25059962] {CVE-2016-6136}\n- ecryptfs: don't allow mmap when the lower fs doesn't support it (Jeff Mahoney) [Orabug: 24971918] {CVE-2016-1583} {CVE-2016-1583}\n- ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059900] {CVE-2016-4578}\n- ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059900] {CVE-2016-4578}\n- ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059755] {CVE-2016-4569}\n- Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058905] {CVE-2015-8956}\n- mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059195] {CVE-2016-3070}",
"Platform": [
"Oracle Linux 5",
"Oracle Linux 6"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2016-3646.html",
"ID": "ELSA-2016-3646"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2016-1583.html",
"ID": "CVE-2016-1583"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2015-8956.html",
"ID": "CVE-2015-8956"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2016-4569.html",
"ID": "CVE-2016-4569"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2016-4578.html",
"ID": "CVE-2016-4578"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2016-6480.html",
"ID": "CVE-2016-6480"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2016-3070.html",
"ID": "CVE-2016-3070"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2016-6136.html",
"ID": "CVE-2016-6136"
}
],
"Criteria": {
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-devel is earlier than 0:2.6.39-400.290.2.el5uek"
},
{
"Comment": "kernel-uek-devel is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-debug-devel is earlier than 0:2.6.39-400.290.2.el5uek"
},
{
"Comment": "kernel-uek-debug-devel is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-debug is earlier than 0:2.6.39-400.290.2.el5uek"
},
{
"Comment": "kernel-uek-debug is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-doc is earlier than 0:2.6.39-400.290.2.el5uek"
},
{
"Comment": "kernel-uek-doc is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek is earlier than 0:2.6.39-400.290.2.el5uek"
},
{
"Comment": "kernel-uek is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-firmware is earlier than 0:2.6.39-400.290.2.el5uek"
},
{
"Comment": "kernel-uek-firmware is signed with the Oracle Linux 5 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 5 is installed"
}
]
},
{
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-devel is earlier than 0:2.6.39-400.290.2.el6uek"
},
{
"Comment": "kernel-uek-devel is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-debug-devel is earlier than 0:2.6.39-400.290.2.el6uek"
},
{
"Comment": "kernel-uek-debug-devel is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-firmware is earlier than 0:2.6.39-400.290.2.el6uek"
},
{
"Comment": "kernel-uek-firmware is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-doc is earlier than 0:2.6.39-400.290.2.el6uek"
},
{
"Comment": "kernel-uek-doc is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-debug is earlier than 0:2.6.39-400.290.2.el6uek"
},
{
"Comment": "kernel-uek-debug is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek is earlier than 0:2.6.39-400.290.2.el6uek"
},
{
"Comment": "kernel-uek is signed with the Oracle Linux 6 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 6 is installed"
}
]
}
],
"Criterions": null
},
"Severity": "IMPORTANT",
"Cves": [
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2016-1583.html",
"ID": "CVE-2016-1583"
},
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2015-8956.html",
"ID": "CVE-2015-8956"
},
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2016-4569.html",
"ID": "CVE-2016-4569"
},
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2016-4578.html",
"ID": "CVE-2016-4578"
},
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2016-6480.html",
"ID": "CVE-2016-6480"
},
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2016-3070.html",
"ID": "CVE-2016-3070"
},
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2016-6136.html",
"ID": "CVE-2016-6136"
}
]
}

View File

@ -0,0 +1,250 @@
{
"Title": "ELSA-2017-3516: Unbreakable Enterprise kernel security update (IMPORTANT)",
"Description": "[2.6.39-400.294.2]\n- vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] {CVE-2015-1420}\n- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807]\n- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] {CVE-2016-4482}\n- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] {CVE-2016-4485}\n- af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}\n- unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}",
"Platform": [
"Oracle Linux 5",
"Oracle Linux 6"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2017-3516.html",
"ID": "ELSA-2017-3516"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2016-4485.html",
"ID": "CVE-2016-4485"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2016-8646.html",
"ID": "CVE-2016-8646"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2016-4482.html",
"ID": "CVE-2016-4482"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2013-7446.html",
"ID": "CVE-2013-7446"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2015-1420.html",
"ID": "CVE-2015-1420"
}
],
"Criteria": {
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-firmware is earlier than 0:2.6.39-400.294.2.el5uek"
},
{
"Comment": "kernel-uek-firmware is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-debug is earlier than 0:2.6.39-400.294.2.el5uek"
},
{
"Comment": "kernel-uek-debug is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-doc is earlier than 0:2.6.39-400.294.2.el5uek"
},
{
"Comment": "kernel-uek-doc is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-debug-devel is earlier than 0:2.6.39-400.294.2.el5uek"
},
{
"Comment": "kernel-uek-debug-devel is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-devel is earlier than 0:2.6.39-400.294.2.el5uek"
},
{
"Comment": "kernel-uek-devel is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek is earlier than 0:2.6.39-400.294.2.el5uek"
},
{
"Comment": "kernel-uek is signed with the Oracle Linux 5 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 5 is installed"
}
]
},
{
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-debug-devel is earlier than 0:2.6.39-400.294.2.el6uek"
},
{
"Comment": "kernel-uek-debug-devel is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek is earlier than 0:2.6.39-400.294.2.el6uek"
},
{
"Comment": "kernel-uek is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-firmware is earlier than 0:2.6.39-400.294.2.el6uek"
},
{
"Comment": "kernel-uek-firmware is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-devel is earlier than 0:2.6.39-400.294.2.el6uek"
},
{
"Comment": "kernel-uek-devel is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-doc is earlier than 0:2.6.39-400.294.2.el6uek"
},
{
"Comment": "kernel-uek-doc is signed with the Oracle Linux 6 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-uek-debug is earlier than 0:2.6.39-400.294.2.el6uek"
},
{
"Comment": "kernel-uek-debug is signed with the Oracle Linux 6 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 6 is installed"
}
]
}
],
"Criterions": null
},
"Severity": "IMPORTANT",
"Cves": [
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2016-4485.html",
"ID": "CVE-2016-4485"
},
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2016-8646.html",
"ID": "CVE-2016-8646"
},
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2016-4482.html",
"ID": "CVE-2016-4482"
},
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2013-7446.html",
"ID": "CVE-2013-7446"
},
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2015-1420.html",
"ID": "CVE-2015-1420"
}
]
}

View File

@ -0,0 +1,259 @@
{
"Title": "ELSA-2018-1196-1: kernel security and bug fix update (IMPORTANT)",
"Description": "kernel\n[2.6.18-419.0.0.0.10]\n- Backport CVE-2017-5715 to RHCK/OL5 [orabug 27787723]\n\n[2.6.18-419.0.0.0.9]\n- rebuild with retpoline compiler",
"Platform": [
"Oracle Linux 5"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2018-1196-1.html",
"ID": "ELSA-2018-1196-1"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2017-5715.html",
"ID": "CVE-2017-5715"
}
],
"Criteria": {
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel is earlier than 0:2.6.18-419.0.0.0.10.el5"
},
{
"Comment": "kernel is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-PAE is earlier than 0:2.6.18-419.0.0.0.10.el5"
},
{
"Comment": "kernel-PAE is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-PAE-devel is earlier than 0:2.6.18-419.0.0.0.10.el5"
},
{
"Comment": "kernel-PAE-devel is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-debug is earlier than 0:2.6.18-419.0.0.0.10.el5"
},
{
"Comment": "kernel-debug is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-debug-devel is earlier than 0:2.6.18-419.0.0.0.10.el5"
},
{
"Comment": "kernel-debug-devel is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-devel is earlier than 0:2.6.18-419.0.0.0.10.el5"
},
{
"Comment": "kernel-devel is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-doc is earlier than 0:2.6.18-419.0.0.0.10.el5"
},
{
"Comment": "kernel-doc is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-headers is earlier than 0:2.6.18-419.0.0.0.10.el5"
},
{
"Comment": "kernel-headers is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-xen is earlier than 0:2.6.18-419.0.0.0.10.el5"
},
{
"Comment": "kernel-xen is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "kernel-xen-devel is earlier than 0:2.6.18-419.0.0.0.10.el5"
},
{
"Comment": "kernel-xen-devel is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "ocfs2-2.6.18-419.0.0.0.10.el5 is earlier than 0:1.4.11-1.el5"
},
{
"Comment": "ocfs2-2.6.18-419.0.0.0.10.el5 is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "ocfs2-2.6.18-419.0.0.0.10.el5PAE is earlier than 0:1.4.11-1.el5"
},
{
"Comment": "ocfs2-2.6.18-419.0.0.0.10.el5PAE is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "ocfs2-2.6.18-419.0.0.0.10.el5debug is earlier than 0:1.4.11-1.el5"
},
{
"Comment": "ocfs2-2.6.18-419.0.0.0.10.el5debug is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "ocfs2-2.6.18-419.0.0.0.10.el5xen is earlier than 0:1.4.11-1.el5"
},
{
"Comment": "ocfs2-2.6.18-419.0.0.0.10.el5xen is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "oracleasm-2.6.18-419.0.0.0.10.el5 is earlier than 0:2.0.5-2.el5"
},
{
"Comment": "oracleasm-2.6.18-419.0.0.0.10.el5 is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "oracleasm-2.6.18-419.0.0.0.10.el5PAE is earlier than 0:2.0.5-2.el5"
},
{
"Comment": "oracleasm-2.6.18-419.0.0.0.10.el5PAE is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "oracleasm-2.6.18-419.0.0.0.10.el5debug is earlier than 0:2.0.5-2.el5"
},
{
"Comment": "oracleasm-2.6.18-419.0.0.0.10.el5debug is signed with the Oracle Linux 5 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "oracleasm-2.6.18-419.0.0.0.10.el5xen is earlier than 0:2.0.5-2.el5"
},
{
"Comment": "oracleasm-2.6.18-419.0.0.0.10.el5xen is signed with the Oracle Linux 5 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 5 is installed"
}
]
},
"Severity": "IMPORTANT",
"Cves": [
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2017-5715.html",
"ID": "CVE-2017-5715"
}
]
}

View File

@ -0,0 +1,151 @@
{
"Title": "ELSA-2018-3410: xorg-x11-server security update (IMPORTANT)",
"Description": "[1.20.1-5.1]\n- CVE-2018-14665: Disable -logfile and -modulepath when running with elevated\n privileges\n\n[1.20.1-5]\n- Call LeaveVT from xf86CrtcCloseScreen\n\n[1.20.1-4]\n- Hide the modesetting driver's atomic ioctl support behind Option 'Atomic'",
"Platform": [
"Oracle Linux 7"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2018-3410.html",
"ID": "ELSA-2018-3410"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2018-14665.html",
"ID": "CVE-2018-14665"
}
],
"Criteria": {
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xorg-x11-server-Xdmx is earlier than 0:1.20.1-5.1.el7"
},
{
"Comment": "xorg-x11-server-Xdmx is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xorg-x11-server-Xephyr is earlier than 0:1.20.1-5.1.el7"
},
{
"Comment": "xorg-x11-server-Xephyr is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xorg-x11-server-Xnest is earlier than 0:1.20.1-5.1.el7"
},
{
"Comment": "xorg-x11-server-Xnest is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xorg-x11-server-Xorg is earlier than 0:1.20.1-5.1.el7"
},
{
"Comment": "xorg-x11-server-Xorg is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xorg-x11-server-Xvfb is earlier than 0:1.20.1-5.1.el7"
},
{
"Comment": "xorg-x11-server-Xvfb is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xorg-x11-server-Xwayland is earlier than 0:1.20.1-5.1.el7"
},
{
"Comment": "xorg-x11-server-Xwayland is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xorg-x11-server-common is earlier than 0:1.20.1-5.1.el7"
},
{
"Comment": "xorg-x11-server-common is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xorg-x11-server-devel is earlier than 0:1.20.1-5.1.el7"
},
{
"Comment": "xorg-x11-server-devel is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "xorg-x11-server-source is earlier than 0:1.20.1-5.1.el7"
},
{
"Comment": "xorg-x11-server-source is signed with the Oracle Linux 7 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 7 is installed"
}
]
},
"Severity": "IMPORTANT",
"Cves": [
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2018-14665.html",
"ID": "CVE-2018-14665"
}
]
}

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,67 @@
{
"Title": "ELSA-2019-4821: sudo security update (IMPORTANT)",
"Description": "[1.8.23-4.0.1]\n- Treat an ID of -1 as invalid since that means 'no change' [Orabug: 30421281] {CVE-2019-14287}\n- Add sudo_strtoid() tests for -1 and range errors. [Orabug: 30421281]",
"Platform": [
"Oracle Linux 7"
],
"References": [
{
"Source": "elsa",
"URI": "http://linux.oracle.com/errata/ELSA-2019-4821.html",
"ID": "ELSA-2019-4821"
},
{
"Source": "CVE",
"URI": "http://linux.oracle.com/cve/CVE-2019-14287.html",
"ID": "CVE-2019-14287"
}
],
"Criteria": {
"Operator": "AND",
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "sudo is earlier than 0:1.8.23-4.0.1.el7"
},
{
"Comment": "sudo is signed with the Oracle Linux 7 key"
}
]
},
{
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"Comment": "sudo-devel is earlier than 0:1.8.23-4.0.1.el7"
},
{
"Comment": "sudo-devel is signed with the Oracle Linux 7 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"Comment": "Oracle Linux 7 is installed"
}
]
},
"Severity": "IMPORTANT",
"Cves": [
{
"Impact": "",
"Href": "http://linux.oracle.com/cve/CVE-2019-14287.html",
"ID": "CVE-2019-14287"
}
]
}

Binary file not shown.

1
oval/oracle/testdata/invalid.txt vendored Normal file
View File

@ -0,0 +1 @@
test

37
oval/oracle/types.go Normal file
View File

@ -0,0 +1,37 @@
package oracle
type Oval struct {
Definitions []Definition `xml:"definitions>definition"`
}
type Definition struct {
Title string `xml:"metadata>title"`
Description string `xml:"metadata>description"`
Platform []string `xml:"metadata>affected>platform"`
References []Reference `xml:"metadata>reference"`
Criteria Criteria `xml:"criteria"`
Severity string `xml:"metadata>advisory>severity"`
Cves []Cve `xml:"metadata>advisory>cve"`
}
type Reference struct {
Source string `xml:"source,attr"`
URI string `xml:"ref_url,attr"`
ID string `xml:"ref_id,attr"`
}
type Cve struct {
Impact string `xml:"impact,attr"`
Href string `xml:"href,attr"`
ID string `xml:",chardata"`
}
type Criteria struct {
Operator string `xml:"operator,attr"`
Criterias []*Criteria `xml:"criteria"`
Criterions []Criterion `xml:"criterion"`
}
type Criterion struct {
Comment string `xml:"comment,attr"`
}

192
oval/oracle/types_test.go Normal file
View File

@ -0,0 +1,192 @@
package oracle_test
import (
"encoding/xml"
"io/ioutil"
"testing"
"github.com/aquasecurity/vuln-list-update/oval/oracle"
"github.com/kylelemons/godebug/pretty"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestRedhatCVEJSON_UnmarshalJSON(t *testing.T) {
tests := map[string]struct {
in string
want *oracle.Oval
}{
"nested_criterias_elsa_data": {
// https://linux.oracle.com/oval/com.oracle.elsa-20070057.xml
in: "testdata/ELSA-2007-0057.xml",
want: &oracle.Oval{
Definitions: []oracle.Definition{
{
Title: "\nELSA-2007-0057: Moderate: bind security update (MODERATE)\n",
Description: "\n [30:9.3.3-8]\n - added fix for #224445 - CVE-2007-0493 BIND might crash after\n attempting to read free()-ed memory\n - added fix for #225229 - CVE-2007-0494 BIND dnssec denial of service\n - Resolves: rhbz#224445\n - Resolves: rhbz#225229 \n",
Platform: []string{"Oracle Linux 5"},
References: []oracle.Reference{
{
Source: "elsa",
URI: "http://linux.oracle.com/errata/ELSA-2007-0057.html",
ID: "ELSA-2007-0057",
},
{
Source: "CVE",
URI: "http://linux.oracle.com/cve/CVE-2007-0493.html",
ID: "CVE-2007-0493",
},
{
Source: "CVE",
URI: "http://linux.oracle.com/cve/CVE-2007-0494.html",
ID: "CVE-2007-0494",
},
},
Criteria: oracle.Criteria{
Operator: "AND",
Criterias: []*oracle.Criteria{
{
Operator: "OR",
Criterias: []*oracle.Criteria{
{
Operator: "AND",
Criterias: nil,
Criterions: []oracle.Criterion{
{
Comment: "bind-devel is earlier than 30:9.3.3-8.el5",
},
{
Comment: "bind-devel is signed with the Oracle Linux 5 key",
},
},
},
{
Operator: "AND",
Criterias: nil,
Criterions: []oracle.Criterion{
{
Comment: "bind-sdb is earlier than 30:9.3.3-8.el5",
},
{
Comment: "bind-sdb is signed with the Oracle Linux 5 key",
},
},
},
{
Operator: "AND",
Criterias: nil,
Criterions: []oracle.Criterion{
{
Comment: "bind-libs is earlier than 30:9.3.3-8.el5",
},
{
Comment: "bind-libs is signed with the Oracle Linux 5 key",
},
},
},
{
Operator: "AND",
Criterias: nil,
Criterions: []oracle.Criterion{
{
Comment: "bind-libbind-devel is earlier than 30:9.3.3-8.el5",
},
{
Comment: "bind-libbind-devel is signed with the Oracle Linux 5 key",
},
},
},
{
Operator: "AND",
Criterias: nil,
Criterions: []oracle.Criterion{
{
Comment: "bind-utils is earlier than 30:9.3.3-8.el5",
},
{
Comment: "bind-utils is signed with the Oracle Linux 5 key",
},
},
},
{
Operator: "AND",
Criterias: nil,
Criterions: []oracle.Criterion{
{
Comment: "bind-chroot is earlier than 30:9.3.3-8.el5",
},
{
Comment: "bind-chroot is signed with the Oracle Linux 5 key",
},
},
},
{
Operator: "AND",
Criterias: nil,
Criterions: []oracle.Criterion{
{
Comment: "bind is earlier than 30:9.3.3-8.el5",
},
{
Comment: "bind is signed with the Oracle Linux 5 key",
},
},
},
{
Operator: "AND",
Criterias: nil,
Criterions: []oracle.Criterion{
{
Comment: "caching-nameserver is earlier than 30:9.3.3-8.el5",
},
{
Comment: "caching-nameserver is signed with the Oracle Linux 5 key",
},
},
},
},
Criterions: nil,
},
},
Criterions: []oracle.Criterion{
{
Comment: "Oracle Linux 5 is installed",
},
},
},
Severity: "MODERATE",
Cves: []oracle.Cve{
{
Impact: "",
Href: "http://linux.oracle.com/cve/CVE-2007-0493.html",
ID: "CVE-2007-0493",
},
{
Impact: "",
Href: "http://linux.oracle.com/cve/CVE-2007-0494.html",
ID: "CVE-2007-0494",
},
},
},
},
},
},
}
for testname, tt := range tests {
t.Run(testname, func(t *testing.T) {
xmlByte, err := ioutil.ReadFile(tt.in)
if err != nil {
require.NoError(t, err)
}
got := &oracle.Oval{}
err = xml.Unmarshal(xmlByte, got)
if err != nil {
require.NoError(t, err)
}
if !assert.Equal(t, got, tt.want) {
t.Errorf("[%s]\n diff: %s", testname, pretty.Compare(got, tt.want))
}
})
}
}