clair/ext/vulnsrc/rhel/testdata/fetcher_rhel_test.1.xml

155 lines
9.9 KiB
XML
Raw Normal View History

2015-11-13 19:11:28 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:red-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
<generator>
<oval:product_name>Red Hat Errata System</oval:product_name>
<oval:schema_version>5.10.1</oval:schema_version>
<oval:timestamp>2015-06-29T12:11:23</oval:timestamp>
</generator>
<definitions>
<definition id="oval:com.redhat.rhsa:def:20151193" version="601" class="patch">
<metadata>
<title>RHSA-2015:1193: xerces-c security update (Moderate)</title>
<affected family="unix">
<platform>Red Hat Enterprise Linux 7</platform>
</affected>
<reference source="RHSA" ref_id="RHSA-2015:1193-00" ref_url="https://rhn.redhat.com/errata/RHSA-2015-1193.html"/>
<reference source="CVE" ref_id="CVE-2015-0252" ref_url="https://access.redhat.com/security/cve/CVE-2015-0252"/>
<description>Xerces-C is a validating XML parser written in a portable subset of C++.
A flaw was found in the way the Xerces-C XML parser processed certain XML
documents. A remote attacker could provide specially crafted XML input
that, when parsed by an application using Xerces-C, would cause that
application to crash.</description>
<!-- ~~~~~~~~~~~~~~~~~~~~ advisory details ~~~~~~~~~~~~~~~~~~~ -->
<advisory from="secalert@redhat.com">
<severity>Moderate</severity>
<rights>Copyright 2015 Red Hat, Inc.</rights>
<issued date="2015-06-29"/>
<updated date="2015-06-29"/>
<cve href="https://access.redhat.com/security/cve/CVE-2015-0252">CVE-2015-0252</cve>
<bugzilla href="https://bugzilla.redhat.com/1199103" id="1199103">CVE-2015-0252 xerces-c: crashes on malformed input</bugzilla>
<affected_cpe_list>
<cpe>cpe:/o:redhat:enterprise_linux:7</cpe>
</affected_cpe_list>
</advisory>
</metadata>
<criteria operator="AND">
<criteria operator="OR">
<criterion test_ref="oval:com.redhat.rhsa:tst:20151193001" comment="Red Hat Enterprise Linux 7 Client is installed" /><criterion test_ref="oval:com.redhat.rhsa:tst:20151193002" comment="Red Hat Enterprise Linux 7 Server is installed" /><criterion test_ref="oval:com.redhat.rhsa:tst:20151193003" comment="Red Hat Enterprise Linux 7 Workstation is installed" /><criterion test_ref="oval:com.redhat.rhsa:tst:20151193004" comment="Red Hat Enterprise Linux 7 ComputeNode is installed" />
</criteria>
<criteria operator="OR">
<criteria operator="AND">
<criterion test_ref="oval:com.redhat.rhsa:tst:20151193005" comment="xerces-c is earlier than 0:3.1.1-7.el7_1" /><criterion test_ref="oval:com.redhat.rhsa:tst:20151193006" comment="xerces-c is signed with Red Hat redhatrelease2 key" />
</criteria>
<criteria operator="AND">
<criterion test_ref="oval:com.redhat.rhsa:tst:20151193007" comment="xerces-c-devel is earlier than 0:3.1.1-7.el7_1" /><criterion test_ref="oval:com.redhat.rhsa:tst:20151193008" comment="xerces-c-devel is signed with Red Hat redhatrelease2 key" />
</criteria>
<criteria operator="AND">
<criterion test_ref="oval:com.redhat.rhsa:tst:20151193009" comment="xerces-c-doc is earlier than 0:3.1.1-7.el7_1" /><criterion test_ref="oval:com.redhat.rhsa:tst:20151193010" comment="xerces-c-doc is signed with Red Hat redhatrelease2 key" />
</criteria>
<criteria operator="AND">
<criterion test_ref="oval:com.redhat.rhsa:tst:20151193009" comment="xerces-c-x is earlier than invalid version" /><criterion test_ref="oval:com.redhat.rhsa:tst:20151193010" comment="xerces-c-doc is signed with Red Hat redhatrelease2 key" />
</criteria>
</criteria>
</criteria>
</definition>
</definitions>
<tests>
<!-- ~~~~~~~~~~~~~~~~~~~~~ rpminfo tests ~~~~~~~~~~~~~~~~~~~~~ -->
<rpminfo_test id="oval:com.redhat.rhsa:tst:20151193001" version="601" comment="Red Hat Enterprise Linux 7 Client is installed" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.redhat.rhsa:obj:20151193001" />
<state state_ref="oval:com.redhat.rhsa:ste:20151193002" />
</rpminfo_test>
<rpminfo_test id="oval:com.redhat.rhsa:tst:20151193002" version="601" comment="Red Hat Enterprise Linux 7 Server is installed" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.redhat.rhsa:obj:20151193002" />
<state state_ref="oval:com.redhat.rhsa:ste:20151193002" />
</rpminfo_test>
<rpminfo_test id="oval:com.redhat.rhsa:tst:20151193003" version="601" comment="Red Hat Enterprise Linux 7 Workstation is installed" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.redhat.rhsa:obj:20151193003" />
<state state_ref="oval:com.redhat.rhsa:ste:20151193002" />
</rpminfo_test>
<rpminfo_test id="oval:com.redhat.rhsa:tst:20151193004" version="601" comment="Red Hat Enterprise Linux 7 ComputeNode is installed" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.redhat.rhsa:obj:20151193004" />
<state state_ref="oval:com.redhat.rhsa:ste:20151193002" />
</rpminfo_test>
<rpminfo_test id="oval:com.redhat.rhsa:tst:20151193005" version="601" comment="xerces-c is earlier than 0:3.1.1-7.el7_1" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.redhat.rhsa:obj:20151193005" />
<state state_ref="oval:com.redhat.rhsa:ste:20151193003" />
</rpminfo_test>
<rpminfo_test id="oval:com.redhat.rhsa:tst:20151193006" version="601" comment="xerces-c is signed with Red Hat redhatrelease2 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.redhat.rhsa:obj:20151193005" />
<state state_ref="oval:com.redhat.rhsa:ste:20151193001" />
</rpminfo_test>
<rpminfo_test id="oval:com.redhat.rhsa:tst:20151193007" version="601" comment="xerces-c-devel is earlier than 0:3.1.1-7.el7_1" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.redhat.rhsa:obj:20151193006" />
<state state_ref="oval:com.redhat.rhsa:ste:20151193003" />
</rpminfo_test>
<rpminfo_test id="oval:com.redhat.rhsa:tst:20151193008" version="601" comment="xerces-c-devel is signed with Red Hat redhatrelease2 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.redhat.rhsa:obj:20151193006" />
<state state_ref="oval:com.redhat.rhsa:ste:20151193001" />
</rpminfo_test>
<rpminfo_test id="oval:com.redhat.rhsa:tst:20151193009" version="601" comment="xerces-c-doc is earlier than 0:3.1.1-7.el7_1" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.redhat.rhsa:obj:20151193007" />
<state state_ref="oval:com.redhat.rhsa:ste:20151193003" />
</rpminfo_test>
<rpminfo_test id="oval:com.redhat.rhsa:tst:20151193010" version="601" comment="xerces-c-doc is signed with Red Hat redhatrelease2 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<object object_ref="oval:com.redhat.rhsa:obj:20151193007" />
<state state_ref="oval:com.redhat.rhsa:ste:20151193001" />
</rpminfo_test>
</tests>
<objects>
<!-- ~~~~~~~~~~~~~~~~~~~~ rpminfo objects ~~~~~~~~~~~~~~~~~~~~ -->
<rpminfo_object id="oval:com.redhat.rhsa:obj:20151193001" version="601" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<name>redhat-release-client</name>
</rpminfo_object>
<rpminfo_object id="oval:com.redhat.rhsa:obj:20151193004" version="601" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<name>redhat-release-computenode</name>
</rpminfo_object>
<rpminfo_object id="oval:com.redhat.rhsa:obj:20151193002" version="601" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<name>redhat-release-server</name>
</rpminfo_object>
<rpminfo_object id="oval:com.redhat.rhsa:obj:20151193003" version="601" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<name>redhat-release-workstation</name>
</rpminfo_object>
<rpminfo_object id="oval:com.redhat.rhsa:obj:20151193005" version="601" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<name>xerces-c</name>
</rpminfo_object>
<rpminfo_object id="oval:com.redhat.rhsa:obj:20151193006" version="601" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<name>xerces-c-devel</name>
</rpminfo_object>
<rpminfo_object id="oval:com.redhat.rhsa:obj:20151193007" version="601" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<name>xerces-c-doc</name>
</rpminfo_object>
</objects>
<states>
<!-- ~~~~~~~~~~~~~~~~~~~~ rpminfo states ~~~~~~~~~~~~~~~~~~~~~ -->
<rpminfo_state id="oval:com.redhat.rhsa:ste:20151193001" version="601" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<signature_keyid operation="equals">199e2f91fd431d51</signature_keyid>
</rpminfo_state>
<rpminfo_state id="oval:com.redhat.rhsa:ste:20151193002" version="601" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<version operation="pattern match">^7[^\d]</version>
</rpminfo_state>
<rpminfo_state id="oval:com.redhat.rhsa:ste:20151193003" version="601" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<evr datatype="evr_string" operation="less than">0:3.1.1-7.el7_1</evr>
</rpminfo_state>
</states>
</oval_definitions>