
updater: enable fetching of RHEL 5 vulnerabilities #217

Merged
merged 1 commit into from
Jul 15, 2016

Conversation

Quentin-M
Contributor

The RHEL updater currently ignores vulnerabilities for CentOS <= 5.
As the naming of the constant firstConsideredRHEL suggests, it
should actually consider CentOS 5 and ignore CentOS < 5.

Fixes #215

@Quentin-M
Contributor Author

As soon as LGTM, this should be backported to release-1.1 and release-1.2.

@Quentin-M Quentin-M added component/updater kind/bug things are not as they seem labels Jul 15, 2016
@jgsqware
Contributor

LGTM

@jzelinskie jzelinskie merged commit be97db5 into quay:master Jul 15, 2016
@jzelinskie jzelinskie deleted the enable_rhel5 branch July 15, 2016 15:54
@jzelinskie
Contributor

We should cherrypick this commit into the stable branch, too.

Quentin-M added a commit that referenced this pull request Jul 15, 2016
Quentin-M added a commit that referenced this pull request Jul 15, 2016
jordimassaguerpla added a commit to openSUSE/clair that referenced this pull request Jul 15, 2016
* upstream/master:
  updater: enable fetching of RHEL 5 vulnerabilities (quay#217)
  README: add reference to Klar tool
  improve v1 api docs header legibility
  godeps: Remove implicit git submodules
  readme: add various talks & slides
  readme: replace latest by v1.2.2 and add reference to container repositories
  travis: allow golang 'tip' failures (quay#202)
  updater: delete Ubuntu's repository upon bzr errors
  Modify URL of libpq documentation (quay#197)
@elicode1

elicode1 commented Sep 6, 2016

This is still causing problems for me. After the fix I'm getting this error when adding/updating vulns to the DB:

2016-09-06 11:57:16.941243 E | pgsql: insertVulnerabilityFixedInFeature: pq: duplicate key value violates unique constraint "vulnerability_fixedin_feature_vulnerability_id_feature_id_key"

database.Vulnerability{Model:database.Model{ID:0}, Name:"RHSA-2009:0382", Namespace:database.Namespace{Model:database.Model{ID:0}, Name:"centos:5"}, Description:"libvirt is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. libvirt also provides tools for remotely managing virtualized systems. The libvirtd daemon was discovered to not properly check user connection permissions before performing certain privileged actions, such as requesting migration of an unprivileged guest domain to another system. A local user able to establish a read-only connection to libvirtd could use this flaw to perform actions that should be restricted to read-write connections. (CVE-2008-5086) libvirt_proxy, a setuid helper application allowing non-privileged users to communicate with the hypervisor, was discovered to not properly validate user requests. Local users could use this flaw to cause a stack-based buffer overflow in libvirt_proxy, possibly allowing them to run arbitrary code with root privileges. (CVE-2009-0036) All users are advised to upgrade to these updated packages, which contain backported patches which resolve these issues. 
After installing the update, libvirtd must be restarted manually (for example, by issuing a \"service libvirtd restart\" command), and guest systems rebooted, for this change to take effect.", Link:"https://rhn.redhat.com/errata/RHSA-2009-0382.html", Severity:"Medium", Metadata:database.MetadataMap(nil), FixedIn:[]database.FeatureVersion{database.FeatureVersion{Model:database.Model{ID:0}, Feature:database.Feature{Model:database.Model{ID:0}, Name:"libvirt-python", Namespace:database.Namespace{Model:database.Model{ID:0}, Name:"centos:5"}}, Version:types.Version{epoch:0, version:"0.3.3", revision:"14.el5_3.1"}, AffectedBy:[]database.Vulnerability(nil), AddedBy:database.Layer{Model:database.Model{ID:0}, Name:"", EngineVersion:0, Parent:(*database.Layer)(nil), Namespace:(*database.Namespace)(nil), Features:[]database.FeatureVersion(nil)}}, database.FeatureVersion{Model:database.Model{ID:0}, Feature:database.Feature{Model:database.Model{ID:0}, Name:"libvirt-devel", Namespace:database.Namespace{Model:database.Model{ID:0}, Name:"centos:5"}}, Version:types.Version{epoch:0, version:"0.3.3", revision:"14.el5_3.1"}, AffectedBy:[]database.Vulnerability(nil), AddedBy:database.Layer{Model:database.Model{ID:0}, Name:"", EngineVersion:0, Parent:(*database.Layer)(nil), Namespace:(*database.Namespace)(nil), Features:[]database.FeatureVersion(nil)}}, database.FeatureVersion{Model:database.Model{ID:0}, Feature:database.Feature{Model:database.Model{ID:0}, Name:"libvirt", Namespace:database.Namespace{Model:database.Model{ID:0}, Name:"centos:5"}}, Version:types.Version{epoch:0, version:"0.3.3", revision:"14.el5_3.1"}, AffectedBy:[]database.Vulnerability(nil), AddedBy:database.Layer{Model:database.Model{ID:0}, Name:"", EngineVersion:0, Parent:(*database.Layer)(nil), Namespace:(*database.Namespace)(nil), Features:[]database.FeatureVersion(nil)}}, database.FeatureVersion{Model:database.Model{ID:0}, Feature:database.Feature{Model:database.Model{ID:0}, Name:"libvirt-python", 
Namespace:database.Namespace{Model:database.Model{ID:0}, Name:"centos:5"}}, Version:types.Version{epoch:0, version:"0.3.3", revision:"14.el5_3.1"}, AffectedBy:[]database.Vulnerability(nil), AddedBy:database.Layer{Model:database.Model{ID:0}, Name:"", EngineVersion:0, Parent:(*database.Layer)(nil), Namespace:(*database.Namespace)(nil), Features:[]database.FeatureVersion(nil)}}, database.FeatureVersion{Model:database.Model{ID:0}, Feature:database.Feature{Model:database.Model{ID:0}, Name:"libvirt-devel", Namespace:database.Namespace{Model:database.Model{ID:0}, Name:"centos:5"}}, Version:types.Version{epoch:0, version:"0.3.3", revision:"14.el5_3.1"}, AffectedBy:[]database.Vulnerability(nil), AddedBy:database.Layer{Model:database.Model{ID:0}, Name:"", EngineVersion:0, Parent:(*database.Layer)(nil), Namespace:(*database.Namespace)(nil), Features:[]database.FeatureVersion(nil)}}, database.FeatureVersion{Model:database.Model{ID:0}, Feature:database.Feature{Model:database.Model{ID:0}, Name:"libvirt", Namespace:database.Namespace{Model:database.Model{ID:0}, Name:"centos:5"}}, Version:types.Version{epoch:0, version:"0.3.3", revision:"14.el5_3.1"}, AffectedBy:[]database.Vulnerability(nil), AddedBy:database.Layer{Model:database.Model{ID:0}, Name:"", EngineVersion:0, Parent:(*database.Layer)(nil), Namespace:(*database.Namespace)(nil), Features:[]database.FeatureVersion(nil)}}}, LayersIntroducingVulnerability:[]database.Layer(nil), FixedBy:types.Version{epoch:0, version:"", revision:""}}

Note the problematic vulnerability is associated with centos 5.
Also, when removing = from the fix:

if osVersion > firstConsideredRHEL {

and stop supporting centos 5, the conflict is solved.

any idea?
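Neither the PR nor the follow-up comment carries more code than the one-line condition, so the following Go example is added here (it is not Clair's code) to show the two checks a defender would place in front of the insert: the release gate with the corrected `>=` comparison, and a deduplication keyed on the same tuple as the unique constraint named in the error, so an advisory that lists the same package twice, as the dump above does for libvirt, libvirt-devel and libvirt-python, is collapsed instead of failing the insert, while two different fixing versions for one package are reported rather than silently picking one. `firstConsideredRHEL` is the PR's name; its value of 5, the `fixedIn` type, `releaseFromNamespace`, `prepareFixedIn` and the sample advisory are assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// firstConsideredRHEL is the constant named in the PR; the value 5 is
// assumed here from the PR text (CentOS 5 kept, anything older ignored).
const firstConsideredRHEL = 5

// isConsideredRelease is the comparison the PR corrects. The pre-fix code
// used a strict "greater than" and so silently dropped CentOS 5 advisories.
func isConsideredRelease(osVersion int) bool {
	return osVersion >= firstConsideredRHEL
}

// releaseFromNamespace extracts the major release from a namespace string
// such as "centos:5". Anything not of the form "<distro>:<int>" is rejected.
func releaseFromNamespace(ns string) (int, error) {
	parts := strings.SplitN(ns, ":", 2)
	if len(parts) != 2 || parts[0] == "" {
		return 0, fmt.Errorf("namespace %q is not <distro>:<release>", ns)
	}
	return strconv.Atoi(parts[1])
}

// fixedIn is a constructed stand-in for one "fixed in" entry of an advisory.
type fixedIn struct {
	Feature   string // package name, e.g. "libvirt"
	Namespace string // e.g. "centos:5"
	Version   string // fixing version, epoch:version-release flattened
}

// constraintKey mirrors the tuple behind the unique constraint quoted in the
// thread (vulnerability_id, feature_id): within one advisory the vulnerability
// is fixed, so namespace plus feature name identifies a row.
func (f fixedIn) constraintKey() string {
	return f.Namespace + "/" + f.Feature
}

// prepareFixedIn applies both checks before anything reaches the database:
//  1. drop entries for releases older than firstConsideredRHEL;
//  2. collapse exact repeats of the same (namespace, feature, version) and
//     refuse to continue when one feature is listed with two different
//     fixing versions, since choosing one silently would be wrong.
// It returns the cleaned slice and the number of exact repeats removed.
func prepareFixedIn(in []fixedIn) ([]fixedIn, int, error) {
	seen := make(map[string]string, len(in)) // constraintKey -> version
	out := make([]fixedIn, 0, len(in))
	dropped := 0
	for _, f := range in {
		rel, err := releaseFromNamespace(f.Namespace)
		if err != nil {
			return nil, 0, err
		}
		if !isConsideredRelease(rel) {
			continue
		}
		k := f.constraintKey()
		if prev, dup := seen[k]; dup {
			if prev != f.Version {
				return nil, 0, fmt.Errorf("%s listed with conflicting fix versions %s and %s", k, prev, f.Version)
			}
			dropped++
			continue
		}
		seen[k] = f.Version
		out = append(out, f)
	}
	return out, dropped, nil
}

// sampleAdvisory is constructed to mirror the shape of the dump in the thread:
// three libvirt packages for centos:5, each listed twice, plus a centos:4
// entry that the release gate must discard.
func sampleAdvisory() []fixedIn {
	v := "0:0.3.3-14.el5_3.1"
	return []fixedIn{
		{"libvirt-python", "centos:5", v}, {"libvirt-devel", "centos:5", v}, {"libvirt", "centos:5", v},
		{"libvirt-python", "centos:5", v}, {"libvirt-devel", "centos:5", v}, {"libvirt", "centos:5", v},
		{"libvirt", "centos:4", "0:0.3.3-1.el4"},
	}
}

func main() {
	clean, dropped, err := prepareFixedIn(sampleAdvisory())
	if err != nil {
		fmt.Println("refusing insert:", err)
		return
	}
	fmt.Printf("%d rows to insert, %d exact duplicates dropped\n", len(clean), dropped)
	for _, f := range clean {
		fmt.Printf("  %-16s %-9s %s\n", f.Feature, f.Namespace, f.Version)
	}
}
```

Run on the constructed advisory, this yields three rows and reports three exact duplicates dropped; the centos:4 entry never reaches the dedup step. Deduplicating in the updater rather than relying on the database constraint also keeps the rest of the advisory batch from being lost when one package is repeated.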
