Processed Pull Request 346 for HP

repository/definitions/vulnerability/oval_org.cisecurity_def_747.xml

@@ -0,0 +1,47 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:747" version="1">
+  <metadata>
+    <title>Multiple vulnerabilities in OpenSSL affect AIX</title>
+    <affected family="unix">
+      <platform>IBM AIX 6.1</platform>
+      <platform>IBM AIX 7.1</platform>
+    </affected>
+    <reference ref_id="CVE-2016-0705" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705" source="CVE" />
+    <description>A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2014-11-05T11:43:28.000-05:00">
+          <contributor organization="Hewlett-Packard">Shruti</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <criteria comment="platforms" operator="OR">
+      <extend_definition comment="IBM AIX 6.1 is installed" definition_ref="oval:org.mitre.oval:def:5267" />
+      <extend_definition comment="IBM AIX 7.1 is installed" definition_ref="oval:org.mitre.oval:def:18828" />
+    </criteria>
+    <criteria comment="filesets" operator="OR">
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 1.0.1.500" test_ref="oval:org.mitre.oval:tst:126498" />
+        <criterion comment="openssl.base less than or equal 1.0.1.515" test_ref="oval:org.cisecurity:tst:556" />
+        <criterion comment="Interim fix IV83169m9a (vuid: 00F850C34C00040104041816) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1211" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 0.9.8.401" test_ref="oval:org.mitre.oval:tst:126501" />
+        <criterion comment="openssl.base less than or equal 0.9.8.2506" test_ref="oval:org.cisecurity:tst:561" />
+        <criterion comment="Interim fix IV83169m9b (vuid: 00F850C34C00040104040816) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1209" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base equal to 1.0.2.500" test_ref="oval:org.cisecurity:tst:1212" />
+        <criterion comment="Interim fix IV83169s9d (vuid: 00F850C34C00040105042616) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1208" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 12.9.8.1100" test_ref="oval:org.mitre.oval:tst:126325" />
+        <criterion comment="openssl.base less than or equal 12.9.8.2506" test_ref="oval:org.cisecurity:tst:560" />
+        <criterion comment="Interim fix IV83169m9c (vuid: 00F850C34C00040110042716) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1210" />
+      </criteria>
+    </criteria>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_org.cisecurity_def_748.xml

@@ -0,0 +1,47 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:748" version="1">
+  <metadata>
+    <title>Multiple vulnerabilities in OpenSSL affect AIX</title>
+    <affected family="unix">
+      <platform>IBM AIX 6.1</platform>
+      <platform>IBM AIX 7.1</platform>
+    </affected>
+    <reference ref_id="CVE-2016-0797" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797" source="CVE" />
+    <description>Multiple integer overflows allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the BN_dec2bn or BN_hex2bn function</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2014-11-05T11:43:28.000-05:00">
+          <contributor organization="Hewlett-Packard">Shruti</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <criteria comment="platforms" operator="OR">
+      <extend_definition comment="IBM AIX 6.1 is installed" definition_ref="oval:org.mitre.oval:def:5267" />
+      <extend_definition comment="IBM AIX 7.1 is installed" definition_ref="oval:org.mitre.oval:def:18828" />
+    </criteria>
+    <criteria comment="filesets" operator="OR">
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 1.0.1.500" test_ref="oval:org.mitre.oval:tst:126498" />
+        <criterion comment="openssl.base less than or equal 1.0.1.515" test_ref="oval:org.cisecurity:tst:556" />
+        <criterion comment="Interim fix IV83169m9a (vuid: 00F850C34C00040104041816) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1211" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 0.9.8.401" test_ref="oval:org.mitre.oval:tst:126501" />
+        <criterion comment="openssl.base less than or equal 0.9.8.2506" test_ref="oval:org.cisecurity:tst:561" />
+        <criterion comment="Interim fix IV83169m9b (vuid: 00F850C34C00040104040816) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1209" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base equal to 1.0.2.500" test_ref="oval:org.cisecurity:tst:1212" />
+        <criterion comment="Interim fix IV83169s9d (vuid: 00F850C34C00040105042616) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1208" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 12.9.8.1100" test_ref="oval:org.mitre.oval:tst:126325" />
+        <criterion comment="openssl.base less than or equal 12.9.8.2506" test_ref="oval:org.cisecurity:tst:560" />
+        <criterion comment="Interim fix IV83169m9c (vuid: 00F850C34C00040110042716) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1210" />
+      </criteria>
+    </criteria>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_org.cisecurity_def_749.xml

@@ -0,0 +1,47 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:749" version="1">
+  <metadata>
+    <title>Multiple vulnerabilities in OpenSSL affect AIX</title>
+    <affected family="unix">
+      <platform>IBM AIX 6.1</platform>
+      <platform>IBM AIX 7.1</platform>
+    </affected>
+    <reference ref_id="CVE-2016-0800" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800" source="CVE" />
+    <description>A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This vulnerability is known as DROWN</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2014-11-05T11:43:28.000-05:00">
+          <contributor organization="Hewlett-Packard">Shruti</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <criteria comment="platforms" operator="OR">
+      <extend_definition comment="IBM AIX 6.1 is installed" definition_ref="oval:org.mitre.oval:def:5267" />
+      <extend_definition comment="IBM AIX 7.1 is installed" definition_ref="oval:org.mitre.oval:def:18828" />
+    </criteria>
+    <criteria comment="filesets" operator="OR">
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 1.0.1.500" test_ref="oval:org.mitre.oval:tst:126498" />
+        <criterion comment="openssl.base less than or equal 1.0.1.515" test_ref="oval:org.cisecurity:tst:556" />
+        <criterion comment="Interim fix IV83169m9a (vuid: 00F850C34C00040104041816) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1211" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 0.9.8.401" test_ref="oval:org.mitre.oval:tst:126501" />
+        <criterion comment="openssl.base less than or equal 0.9.8.2506" test_ref="oval:org.cisecurity:tst:561" />
+        <criterion comment="Interim fix IV83169m9b (vuid: 00F850C34C00040104040816) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1209" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base equal to 1.0.2.500" test_ref="oval:org.cisecurity:tst:1212" />
+        <criterion comment="Interim fix IV83169s9d (vuid: 00F850C34C00040105042616) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1208" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 12.9.8.1100" test_ref="oval:org.mitre.oval:tst:126325" />
+        <criterion comment="openssl.base less than or equal 12.9.8.2506" test_ref="oval:org.cisecurity:tst:560" />
+        <criterion comment="Interim fix IV83169m9c (vuid: 00F850C34C00040110042716) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1210" />
+      </criteria>
+    </criteria>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_org.cisecurity_def_750.xml

@@ -0,0 +1,47 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:750" version="1">
+  <metadata>
+    <title>Multiple vulnerabilities in OpenSSL affect AIX</title>
+    <affected family="unix">
+      <platform>IBM AIX 6.1</platform>
+      <platform>IBM AIX 7.1</platform>
+    </affected>
+    <reference ref_id="CVE-2016-0702" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702" source="CVE" />
+    <description>A side-channel attack was found which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA keys</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2014-11-05T11:43:28.000-05:00">
+          <contributor organization="Hewlett-Packard">Shruti</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <criteria comment="platforms" operator="OR">
+      <extend_definition comment="IBM AIX 6.1 is installed" definition_ref="oval:org.mitre.oval:def:5267" />
+      <extend_definition comment="IBM AIX 7.1 is installed" definition_ref="oval:org.mitre.oval:def:18828" />
+    </criteria>
+    <criteria comment="filesets" operator="OR">
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 1.0.1.500" test_ref="oval:org.mitre.oval:tst:126498" />
+        <criterion comment="openssl.base less than or equal 1.0.1.515" test_ref="oval:org.cisecurity:tst:556" />
+        <criterion comment="Interim fix IV83169m9a (vuid: 00F850C34C00040104041816) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1211" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 0.9.8.401" test_ref="oval:org.mitre.oval:tst:126501" />
+        <criterion comment="openssl.base less than or equal 0.9.8.2506" test_ref="oval:org.cisecurity:tst:561" />
+        <criterion comment="Interim fix IV83169m9b (vuid: 00F850C34C00040104040816) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1209" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base equal to 1.0.2.500" test_ref="oval:org.cisecurity:tst:1212" />
+        <criterion comment="Interim fix IV83169s9d (vuid: 00F850C34C00040105042616) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1208" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 12.9.8.1100" test_ref="oval:org.mitre.oval:tst:126325" />
+        <criterion comment="openssl.base less than or equal 12.9.8.2506" test_ref="oval:org.cisecurity:tst:560" />
+        <criterion comment="Interim fix IV83169m9c (vuid: 00F850C34C00040110042716) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1210" />
+      </criteria>
+    </criteria>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_org.cisecurity_def_751.xml

@@ -0,0 +1,47 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:751" version="1">
+  <metadata>
+    <title>Multiple vulnerabilities in OpenSSL affect AIX</title>
+    <affected family="unix">
+      <platform>IBM AIX 6.1</platform>
+      <platform>IBM AIX 7.1</platform>
+    </affected>
+    <reference ref_id="CVE-2016-0799" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799" source="CVE" />
+    <description>The fmtstr function improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2014-11-05T11:43:28.000-05:00">
+          <contributor organization="Hewlett-Packard">Shruti</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <criteria comment="platforms" operator="OR">
+      <extend_definition comment="IBM AIX 6.1 is installed" definition_ref="oval:org.mitre.oval:def:5267" />
+      <extend_definition comment="IBM AIX 7.1 is installed" definition_ref="oval:org.mitre.oval:def:18828" />
+    </criteria>
+    <criteria comment="filesets" operator="OR">
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 1.0.1.500" test_ref="oval:org.mitre.oval:tst:126498" />
+        <criterion comment="openssl.base less than or equal 1.0.1.515" test_ref="oval:org.cisecurity:tst:556" />
+        <criterion comment="Interim fix IV83169m9a (vuid: 00F850C34C00040104041816) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1211" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 0.9.8.401" test_ref="oval:org.mitre.oval:tst:126501" />
+        <criterion comment="openssl.base less than or equal 0.9.8.2506" test_ref="oval:org.cisecurity:tst:561" />
+        <criterion comment="Interim fix IV83169m9b (vuid: 00F850C34C00040104040816) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1209" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base equal to 1.0.2.500" test_ref="oval:org.cisecurity:tst:1212" />
+        <criterion comment="Interim fix IV83169s9d (vuid: 00F850C34C00040105042616) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1208" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 12.9.8.1100" test_ref="oval:org.mitre.oval:tst:126325" />
+        <criterion comment="openssl.base less than or equal 12.9.8.2506" test_ref="oval:org.cisecurity:tst:560" />
+        <criterion comment="Interim fix IV83169m9c (vuid: 00F850C34C00040110042716) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1210" />
+      </criteria>
+    </criteria>
+  </criteria>
+</definition>

repository/definitions/vulnerability/oval_org.cisecurity_def_752.xml

@@ -0,0 +1,47 @@
+<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:752" version="1">
+  <metadata>
+    <title>Multiple vulnerabilities in OpenSSL affect AIX</title>
+    <affected family="unix">
+      <platform>IBM AIX 6.1</platform>
+      <platform>IBM AIX 7.1</platform>
+    </affected>
+    <reference ref_id="CVE-2016-0798" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798" source="CVE" />
+    <description>An attacker with an invalid username connecting to SRP servers that is configured with a secret seed to hide valid login information are vulnerable to a memory leak of around 300 bytes per connection</description>
+    <oval_repository>
+      <dates>
+        <submitted date="2014-11-05T11:43:28.000-05:00">
+          <contributor organization="Hewlett-Packard">Shruti</contributor>
+        </submitted>
+      </dates>
+      <status>INITIAL SUBMISSION</status>
+      <min_schema_version>5.10</min_schema_version>
+    </oval_repository>
+  </metadata>
+  <criteria operator="AND">
+    <criteria comment="platforms" operator="OR">
+      <extend_definition comment="IBM AIX 6.1 is installed" definition_ref="oval:org.mitre.oval:def:5267" />
+      <extend_definition comment="IBM AIX 7.1 is installed" definition_ref="oval:org.mitre.oval:def:18828" />
+    </criteria>
+    <criteria comment="filesets" operator="OR">
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 1.0.1.500" test_ref="oval:org.mitre.oval:tst:126498" />
+        <criterion comment="openssl.base less than or equal 1.0.1.515" test_ref="oval:org.cisecurity:tst:556" />
+        <criterion comment="Interim fix IV83169m9a (vuid: 00F850C34C00040104041816) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1211" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 0.9.8.401" test_ref="oval:org.mitre.oval:tst:126501" />
+        <criterion comment="openssl.base less than or equal 0.9.8.2506" test_ref="oval:org.cisecurity:tst:561" />
+        <criterion comment="Interim fix IV83169m9b (vuid: 00F850C34C00040104040816) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1209" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base equal to 1.0.2.500" test_ref="oval:org.cisecurity:tst:1212" />
+        <criterion comment="Interim fix IV83169s9d (vuid: 00F850C34C00040105042616) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1208" />
+      </criteria>
+      <criteria comment="File Version Exists" operator="AND">
+        <criterion comment="openssl.base greater than or equal 12.9.8.1100" test_ref="oval:org.mitre.oval:tst:126325" />
+        <criterion comment="openssl.base less than or equal 12.9.8.2506" test_ref="oval:org.cisecurity:tst:560" />
+        <criterion comment="Interim fix IV83169m9c (vuid: 00F850C34C00040110042716) is installed" negate="true" test_ref="oval:org.cisecurity:tst:1210" />
+      </criteria>
+    </criteria>
+  </criteria>
+</definition>

repository/objects/aix/interim_fix_object/0000/oval_org.cisecurity_obj_316.xml

@@ -0,0 +1,3 @@
+<interim_fix_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" id="oval:org.cisecurity:obj:316" version="1">
+  <vuid>00F850C34C00040104040816</vuid>
+</interim_fix_object>

repository/objects/aix/interim_fix_object/0000/oval_org.cisecurity_obj_317.xml

@@ -0,0 +1,3 @@
+<interim_fix_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" id="oval:org.cisecurity:obj:317" version="1">
+  <vuid>00F850C34C00040110042716</vuid>
+</interim_fix_object>

repository/objects/aix/interim_fix_object/0000/oval_org.cisecurity_obj_318.xml

@@ -0,0 +1,3 @@
+<interim_fix_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" id="oval:org.cisecurity:obj:318" version="1">
+  <vuid>00F850C34C00040105042616</vuid>
+</interim_fix_object>

repository/objects/aix/interim_fix_object/0000/oval_org.cisecurity_obj_319.xml

@@ -0,0 +1,3 @@
+<interim_fix_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" id="oval:org.cisecurity:obj:319" version="1">
+  <vuid>00F850C34C00040104041816</vuid>
+</interim_fix_object>