
Securing the future of openSUSE

April 1st, 2011 by

You are a valued member of the openSUSE community, and we couldn’t wait to bring you the good news. This post announces a new security-oriented resource that is currently being generated for the openSUSE/Novell suite of products and submitted to the National Institute of Standards and Technology (NIST) as a definitive resource from which to assess and report on the machine state of computer systems. We may not have thought of a great logo or slogan for it yet, but if you read on I think you’ll agree that no matter what we call it, it’s super!

Starting on Friday, April 01 2011, a record for each security announcement released through the opensuse-security-announce mailing list will be maintained on a cumulative basis within the Amazon EC2 Cloud for general public review and use. Once an announcement reaches our email inbox, a specifically formatted intermediate XML source code object is generated from it automatically.

The email is parsed using custom-built Perl modules, and a data structure is populated. The following construct presents an example view of the Novell array structure:

cat SUSE-SA\:2009\:043.txt | perl ~/bin/perl/vector.pl

$VAR1 = 'NovellListPost';
$VAR2 = {
          'Parameters' => {
                            'domain' => '.*@(.*?)>',
                            'false' => undef,
                            'local-part' => ':\\s+<mailto:(.*?)@.*',
                            'true' => ':\\s+<mailto:(.*?)>'
                          },
          'Results' => 'opensuse-security-announce@opensuse.org',
          'Novell' => {
                        'F' => 'false',
                        'T' => 'true',
                        'D' => 'domain',
                        'L' => 'local-part'
                      },
          'Keywords' => {
                          'domain' => 'D',
                          'false' => 'F',
                          'local-part' => 'L',
                          'true' => 'T'
                        }
        };
$VAR3 = 'NovellListSubscribe';
$VAR4 = {
          'Parameters' => {
                            'domain' => '.*@(.*?)>',
                            'false' => undef,
                            'local-part' => ':\\s+<mailto:(.*?)@.*',
                            'true' => ':\\s+<mailto:(.*?)>'
                          },
          'Results' => 'opensuse-security-announce+subscribe@opensuse.org',
          'Novell' => {
                        'F' => 'false',
                        'T' => 'true',
                        'D' => 'domain',
                        'L' => 'local-part'
                      },
          'Keywords' => {
                          'domain' => 'D',
                          'false' => 'F',
                          'local-part' => 'L',
                          'true' => 'T'
                        }
        };
$VAR5 = 'NovellXMailingList';
$VAR6 = {
          'Parameters' => {
                            'false' => undef,
                            'true' => ':\\s+(.*?)'
                          },
          'Results' => 'opensuse-security-announce',
          'Novell' => {
                        'F' => 'false',
                        'T' => 'true'
                      },
          'Keywords' => {
                          'false' => 'F',
                          'true' => 'T'
                        }
        };
$VAR7 = 'NovellListOwner';
$VAR8 = {
          'Parameters' => {
                            'domain' => '.*@(.*?)>',
                            'false' => undef,
                            'local-part' => ':\\s+<mailto:(.*?)@.*',
                            'true' => ':\\s+<mailto:(.*?)>'
                          },
          'Results' => 'opensuse-security-announce+owner@opensuse.org',
          'Novell' => {
                        'F' => 'false',
                        'T' => 'true',
                        'D' => 'domain',
                        'L' => 'local-part'
                      },
          'Keywords' => {
                          'domain' => 'D',
                          'false' => 'F',
                          'local-part' => 'L',
                          'true' => 'T'
                        }
        };
$VAR9 = 'NovellListArchive';
$VAR10 = {
           'Parameters' => {
                             'false' => undef,
                             'true' => ':\\s+<(.*?)>'
                           },
           'Results' => 'http://lists.opensuse.org/opensuse-security-announce/',
           'Novell' => {
                         'F' => 'false',
                         'T' => 'true'
                       },
           'Keywords' => {
                           'false' => 'F',
                           'true' => 'T'
                         }
         };
$VAR11 = 'NovellListUnsubscribe';
$VAR12 = {
           'Parameters' => {
                             'domain' => '.*@(.*?)>',
                             'false' => undef,
                             'local-part' => ':\\s+<mailto:(.*?)@.*',
                             'true' => ':\\s+<mailto:(.*?)>'
                           },
           'Results' => 'NOVELLLISTUNSUBSCRIBE',
           'Novell' => {
                         'F' => 'false',
                         'T' => 'true',
                         'D' => 'domain',
                         'L' => 'local-part'
                       },
           'Keywords' => {
                           'domain' => 'D',
                           'false' => 'F',
                           'local-part' => 'L',
                           'true' => 'T'
                         }
         };
$VAR13 = 'NovellNamespace';
$VAR14 = {
           'Parameters' => {
                             'qualified' => 'http://www.maitreyasecurity.com/namespace/xsdl/0.0.1',
                             'unqualified' => undef
                           },
           'Results' => 'http://www.maitreyasecurity.com/namespace/xsdl/0.0.1',
           'Novell' => {
                         'Q' => 'qualified',
                         'U' => 'unqualified'
                       },
           'Keywords' => {
                           'qualified' => 'Q',
                           'unqualified' => 'U'
                         }
         };
$VAR15 = 'NovellListHelp';
$VAR16 = {
           'Parameters' => {
                             'domain' => '.*@(.*?)>',
                             'false' => undef,
                             'local-part' => ':\\s+<mailto:(.*?)@.*',
                             'true' => ':\\s+<mailto:(.*?)>'
                           },
           'Results' => 'opensuse-security-announce+help@opensuse.org',
           'Novell' => {
                         'F' => 'false',
                         'T' => 'true',
                         'D' => 'domain',
                         'L' => 'local-part'
                       },
           'Keywords' => {
                           'domain' => 'D',
                           'false' => 'F',
                           'local-part' => 'L',
                           'true' => 'T'
                         }
         };
$VAR17 = 'NovellMailingList';
$VAR18 = {
           'Parameters' => {
                             'false' => undef,
                             'true' => ':\\s+(.*)',
                             'contact' => '.*\\s+(.*?);.*',
                             'service' => 'some regex'
                           },
           'Results' => 'opensuse-security-announce+help@opensuse.org',
           'Novell' => {
                         'S' => 'service',
                         'F' => 'false',
                         'T' => 'true',
                         'C' => 'contact'
                       },
           'Keywords' => {
                           'false' => 'F',
                           'true' => 'T',
                           'contact' => 'C',
                           'service' => 'S'
                         }
         };
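
The extraction step shown in the dump, as an added Python example (not the project's Perl code): it applies the printed `Parameters` patterns to the list headers of a constructed message and reproduces the `Results` values. The header names, the upper-case placeholder for a missing header, and the `$` anchor on the `X-Mailinglist` pattern are assumptions; the page does not show how vector.pl handles them.

```python
import re
from email import message_from_string

# Patterns as printed in the 'Parameters' entries of the dump above.
MAILTO = r":\s+<mailto:(.*?)>"
LOCAL_PART = r":\s+<mailto:(.*?)@.*"
DOMAIN = r".*@(.*?)>"
ANGLE = r":\s+<(.*?)>"
CONTACT = r".*\s+(.*?);.*"
# ':\s+(.*?)' ends in a lazy group, which matches the empty string when
# nothing follows it, so '$' is appended here (assumption, see lead-in).
BARE = r":\s+(.*?)$"

# Assumed mapping from dump keys to mail header names.
FIELDS = {
    "NovellListPost": ("List-Post", MAILTO),
    "NovellListHelp": ("List-Help", MAILTO),
    "NovellListSubscribe": ("List-Subscribe", MAILTO),
    "NovellListUnsubscribe": ("List-Unsubscribe", MAILTO),
    "NovellListOwner": ("List-Owner", MAILTO),
    "NovellListArchive": ("List-Archive", ANGLE),
    "NovellXMailingList": ("X-Mailinglist", BARE),
    "NovellMailingList": ("Mailing-List", CONTACT),
}

# Constructed sample message: List-Unsubscribe is absent and List-Subscribe
# is folded across two lines.
SAMPLE = (
    "From: sender@example.org\n"
    "List-Post: <mailto:opensuse-security-announce@opensuse.org>\n"
    "List-Help: <mailto:opensuse-security-announce+help@opensuse.org>\n"
    "List-Subscribe:\n <mailto:opensuse-security-announce+subscribe@opensuse.org>\n"
    "List-Owner: <mailto:opensuse-security-announce+owner@opensuse.org>\n"
    "List-Archive: <http://lists.opensuse.org/opensuse-security-announce/>\n"
    "X-Mailinglist: opensuse-security-announce\n"
    "Mailing-List: contact opensuse-security-announce+help@opensuse.org; run by mlmmj\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)


def header_line(msg, name):
    """Return 'Name: value' with folding whitespace collapsed, or None."""
    value = msg.get(name)
    if value is None:
        return None
    return f"{name}: {' '.join(value.split())}"


def extract_list_fields(raw_message):
    """Build the key -> 'Results' mapping for one raw message."""
    msg = message_from_string(raw_message)
    results = {}
    for key, (name, pattern) in FIELDS.items():
        line = header_line(msg, name)
        match = re.search(pattern, line) if line else None
        # Missing header or empty capture: upper-cased key name as placeholder.
        results[key] = match.group(1) if match and match.group(1) else key.upper()
    return results


def address_parts(raw_message, name):
    """Split a mailto header into (local-part, domain) with the dump's patterns."""
    line = header_line(message_from_string(raw_message), name)
    if line is None:
        return None
    local, domain = re.search(LOCAL_PART, line), re.search(DOMAIN, line)
    if not (local and domain):
        return None
    return local.group(1), domain.group(1)
```
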

Three (3) other arrays are also populated concurrently at runtime: XSDL (root), Alert and SA (Security Announcement). The following construct presents an example view of the intermediate XML source code file:

<SecureDocument xml:id="xsdlSecurityAnnouncement.20090921122915" xml:lang="en_US">
  <DocumentInfo classification="sensitive but unclassified">
    <ClientId>QUERY FROM XSDL CONFIG</ClientId>
    <SecurityManagement>
      <ChangeControl>
        <RevisionId>0.0.1</RevisionId>
        <Author>SET AUTHOR</Author>
        <Reviewer>SET REVIEWER</Reviewer>
      </ChangeControl>
      <AccessControl>
        <User uid="0">rw-</User>
        <Group gid="0">r--</Group>
        <Other>---</Other>
        <NamedUser uid="1000">rw-</NamedUser>
      </AccessControl>
    </SecurityManagement>
  </DocumentInfo>
  <Alert>
    <Novell>
      <NovellInfo mailinglistid="opensuse-security-announce">
        <NovellListPost>opensuse-security-announce@opensuse.org</NovellListPost>
        <NovellListHelp>opensuse-security-announce+help@opensuse.org</NovellListHelp>
        <NovellListSubscribe>opensuse-security-announce+subscribe@opensuse.org</NovellListSubscribe>
        <NovellListUnsubscribe>NOVELLLISTUNSUBSCRIBE</NovellListUnsubscribe>
        <NovellListOwner>opensuse-security-announce+owner@opensuse.org</NovellListOwner>
        <NovellListArchive>http://lists.opensuse.org/opensuse-security-announce/</NovellListArchive>
      </NovellInfo>
      <SecurityAnnouncements mailinglistid="opensuse-security-announce">
        <SecurityAnnouncement announcementid="suse-sa.2009.043" messageid="4a7c2f74.PDnoCkxJL3G/MnMv%meissner@suse.de">
          <SecurityAnnouncementInfo>
            <DeliveryDate>Fri, 07 Aug 2009 06:47:01 -0700</DeliveryDate>
            <SourceAddress>Marcus Meissner</SourceAddress>
          </SecurityAnnouncementInfo>
          <Subject>SUSE Security Announcement: Sun Java</Subject>
          <VulnerabilityType>Remote Code Execution</VulnerabilityType>
          <ImpactLevel>8</ImpactLevel>
          <SuseDefaultPackage>true</SuseDefaultPackage>
          <AffectedProducts>
            <AffectedProduct>java-1_5_0-sun</AffectedProduct>
            <AffectedProduct>java-1_6_0-sun</AffectedProduct>
          </AffectedProducts>
          <AffectedPlatforms>
            <AffectedPlatform>openSUSE 10.3</AffectedPlatform>
            <AffectedPlatform>openSUSE 11.0</AffectedPlatform>
            <AffectedPlatform>openSUSE 11.1</AffectedPlatform>
            <AffectedPlatform>SLES 11 DEBUGINFO</AffectedPlatform>
            <AffectedPlatform>SLED 11</AffectedPlatform>
          </AffectedPlatforms>
          <ApplicableAdvisories>
            <ApplicableAdvisory>CVE-2009-2670</ApplicableAdvisory>
            <ApplicableAdvisory>CVE-2009-2671</ApplicableAdvisory>
            <ApplicableAdvisory>CVE-2009-2672</ApplicableAdvisory>
            <ApplicableAdvisory>CVE-2009-2673</ApplicableAdvisory>
            <ApplicableAdvisory>CVE-2009-2674</ApplicableAdvisory>
            <ApplicableAdvisory>CVE-2009-2675</ApplicableAdvisory>
            <ApplicableAdvisory>CVE-2009-2676</ApplicableAdvisory>
          </ApplicableAdvisories>
          <Vulnerabilities>
            <Vulnerability>The Sun Java JRE /JDK 5 was updated to Update 20 fixing various security issues.</Vulnerability>
            <Vulnerability>CVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.</Vulnerability>
            <Vulnerability>CVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the user name of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.</Vulnerability>
            <Vulnerability>CVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.</Vulnerability>
            <Vulnerability>CVE-2009-2673: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.</Vulnerability>
            <Vulnerability>CVE-2009-2674: Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to gain privileges via vectors involving an untrusted Java Web Start application that grants permissions to itself, related to parsing of JPEG images.</Vulnerability>
            <Vulnerability>CVE-2009-2675: Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via vectors involving an untrusted (1) applet or (2) Java Web Start application that grants permissions to itself, related to decompression.</Vulnerability>
            <Vulnerability>CVE-2009-2676: Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet.</Vulnerability>
          </Vulnerabilities>
          <SecurityUpdates>
            <Platform architecture="i586">
              <Distribution release="openSUSE 10.3">
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_5_0-sun-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_5_0-sun-alsa-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_5_0-sun-demo-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_5_0-sun-devel-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_5_0-sun-plugin-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_5_0-sun-src-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_6_0-sun-1.6.0.u15-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_6_0-sun-alsa-1.6.0.u15-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_6_0-sun-debuginfo-1.6.0.u15-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_6_0-sun-demo-1.6.0.u15-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_6_0-sun-devel-1.6.0.u15-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_6_0-sun-jdbc-1.6.0.u15-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_6_0-sun-plugin-1.6.0.u15-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/i586/java-1_6_0-sun-src-1.6.0.u15-0.1.i586.rpm</Update>
              </Distribution>
              <Distribution release="openSUSE 11.0">
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-alsa-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-demo-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-devel-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-plugin-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-src-1.5.0_update20-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-1.6.0.u15-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-alsa-1.6.0.u15-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-demo-1.6.0.u15-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-devel-1.6.0.u15-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-jdbc-1.6.0.u15-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-plugin-1.6.0.u15-0.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-src-1.6.0.u15-0.1.i586.rpm</Update>
              </Distribution>
              <Distribution release="openSUSE 11.1">
                <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_5_0-sun-1.5.0_update20-0.1.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_5_0-sun-alsa-1.5.0_update20-0.1.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_5_0-sun-devel-1.5.0_update20-0.1.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_update20-0.1.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_5_0-sun-plugin-1.5.0_update20-0.1.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_5_0-sun-src-1.5.0_update20-0.1.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_6_0-sun-1.6.0.u15-0.1.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_6_0-sun-alsa-1.6.0.u15-0.1.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_6_0-sun-devel-1.6.0.u15-0.1.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_6_0-sun-jdbc-1.6.0.u15-0.1.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_6_0-sun-plugin-1.6.0.u15-0.1.1.i586.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_6_0-sun-src-1.6.0.u15-0.1.1.i586.rpm</Update>
              </Distribution>
            </Platform>
            <Platform architecture="x86_64">
              <Distribution release="openSUSE 10.3">
                <Update>http://download.opensuse.org/update/10.3/rpm/x86_64/java-1_5_0-sun-1.5.0_update20-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/x86_64/java-1_5_0-sun-alsa-1.5.0_update20-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/x86_64/java-1_5_0-sun-demo-1.5.0_update20-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/x86_64/java-1_5_0-sun-devel-1.5.0_update20-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.0_update20-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/x86_64/java-1_5_0-sun-src-1.5.0_update20-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/x86_64/java-1_6_0-sun-1.6.0.u15-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/x86_64/java-1_6_0-sun-alsa-1.6.0.u15-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/x86_64/java-1_6_0-sun-debuginfo-1.6.0.u15-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/x86_64/java-1_6_0-sun-demo-1.6.0.u15-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/x86_64/java-1_6_0-sun-devel-1.6.0.u15-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/x86_64/java-1_6_0-sun-jdbc-1.6.0.u15-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/x86_64/java-1_6_0-sun-src-1.6.0.u15-0.1.x86_64.rpm</Update>
              </Distribution>
              <Distribution release="openSUSE 11.0">
                <Update>http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_5_0-sun-1.5.0_update20-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_5_0-sun-alsa-1.5.0_update20-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_5_0-sun-demo-1.5.0_update20-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_5_0-sun-devel-1.5.0_update20-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.0_update20-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_5_0-sun-src-1.5.0_update20-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_6_0-sun-1.6.0.u15-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_6_0-sun-alsa-1.6.0.u15-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_6_0-sun-demo-1.6.0.u15-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_6_0-sun-devel-1.6.0.u15-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_6_0-sun-jdbc-1.6.0.u15-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_6_0-sun-plugin-1.6.0.u15-0.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_6_0-sun-src-1.6.0.u15-0.1.x86_64.rpm</Update>
              </Distribution>
              <Distribution release="openSUSE 11.1">
                <Update>http://download.opensuse.org/update/11.1/rpm/x86_64/java-1_5_0-sun-1.5.0_update20-0.1.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/x86_64/java-1_5_0-sun-alsa-1.5.0_update20-0.1.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/x86_64/java-1_5_0-sun-devel-1.5.0_update20-0.1.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.0_update20-0.1.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/x86_64/java-1_5_0-sun-src-1.5.0_update20-0.1.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/x86_64/java-1_6_0-sun-1.6.0.u15-0.1.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/x86_64/java-1_6_0-sun-alsa-1.6.0.u15-0.1.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/x86_64/java-1_6_0-sun-devel-1.6.0.u15-0.1.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/x86_64/java-1_6_0-sun-jdbc-1.6.0.u15-0.1.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/x86_64/java-1_6_0-sun-plugin-1.6.0.u15-0.1.1.x86_64.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/x86_64/java-1_6_0-sun-src-1.6.0.u15-0.1.1.x86_64.rpm</Update>
              </Distribution>
            </Platform>
            <Platform architecture="src">
              <Distribution release="openSUSE 10.3">
                <Update>http://download.opensuse.org/update/10.3/rpm/src/java-1_5_0-sun-1.5.0_update20-0.1.nosrc.rpm</Update>
                <Update>http://download.opensuse.org/update/10.3/rpm/src/java-1_6_0-sun-1.6.0.u15-0.1.nosrc.rpm</Update>
              </Distribution>
              <Distribution release="openSUSE 11.0">
                <Update>http://download.opensuse.org/update/11.0/rpm/src/java-1_5_0-sun-1.5.0_update20-0.1.nosrc.rpm</Update>
                <Update>http://download.opensuse.org/update/11.0/rpm/src/java-1_6_0-sun-1.6.0.u15-0.1.nosrc.rpm</Update>
              </Distribution>
              <Distribution release="openSUSE 11.1">
                <Update>http://download.opensuse.org/update/11.1/rpm/src/java-1_5_0-sun-1.5.0_update20-0.1.1.nosrc.rpm</Update>
                <Update>http://download.opensuse.org/update/11.1/rpm/src/java-1_6_0-sun-1.6.0.u15-0.1.1.nosrc.rpm</Update>
              </Distribution>
            </Platform>
          </SecurityUpdates>
        </SecurityAnnouncement>
      </SecurityAnnouncements>
    </Novell>
  </Alert>
</SecureDocument>

This intermediate XML source code file is then transformed to produce an Open Vulnerability and Assessment Language (OVAL) definition for use in Assessment, System State Testing and possibly even Certification of Package and System for Common Criteria CAPP/EAL4+ Compliance. The following URL presents a sample view of the OVAL XML source code that will be available for general public use: http://oval.mitre.org/repository/data/ViewDefinition?id=oval%3aorg.mitre.oval%3adef%3a8280

This resource presents the following advantages: openSUSE may be marketed as leading the information security pathway; all system status applications may parse the intermediate XML file and process the security announcement relatively easily; and, last but not least, both intermediate and final XML objects may be digitally signed by Novell/openSUSE, encrypted and presented to partners, applications and management web services.
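
How a system status application might consume the intermediate XML, as an added Python example (not part of the original post or the project's code): it reads a trimmed copy of the sample document above, refuses DTDs, checks advisory ids, and returns the update URLs for one release and architecture only if they point at the host used in the sample. The function names and the allowed-host policy are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Trimmed copy of the sample document above (most elements and URLs omitted).
SAMPLE_XML = """\
<SecureDocument xml:id="xsdlSecurityAnnouncement.20090921122915" xml:lang="en_US">
  <Alert><Novell>
    <SecurityAnnouncements mailinglistid="opensuse-security-announce">
      <SecurityAnnouncement announcementid="suse-sa.2009.043">
        <Subject>SUSE Security Announcement: Sun Java</Subject>
        <ImpactLevel>8</ImpactLevel>
        <AffectedPlatforms><AffectedPlatform>openSUSE 11.1</AffectedPlatform></AffectedPlatforms>
        <ApplicableAdvisories>
          <ApplicableAdvisory>CVE-2009-2670</ApplicableAdvisory>
          <ApplicableAdvisory>CVE-2009-2671</ApplicableAdvisory>
        </ApplicableAdvisories>
        <SecurityUpdates>
          <Platform architecture="i586">
            <Distribution release="openSUSE 11.1">
              <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_6_0-sun-1.6.0.u15-0.1.1.i586.rpm</Update>
              <Update>http://download.opensuse.org/update/11.1/rpm/i586/java-1_6_0-sun-plugin-1.6.0.u15-0.1.1.i586.rpm</Update>
            </Distribution>
          </Platform>
          <Platform architecture="x86_64">
            <Distribution release="openSUSE 11.1">
              <Update>http://download.opensuse.org/update/11.1/rpm/x86_64/java-1_6_0-sun-1.6.0.u15-0.1.1.x86_64.rpm</Update>
            </Distribution>
          </Platform>
        </SecurityUpdates>
      </SecurityAnnouncement>
    </SecurityAnnouncements>
  </Novell></Alert>
</SecureDocument>
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
ALLOWED_HOST = "download.opensuse.org"  # host of every <Update> URL in the sample


def texts(parent, path):
    """Stripped text of every element matching path under parent."""
    return [(e.text or "").strip() for e in parent.findall(path)]


def load_announcements(xml_text):
    # The format needs no DTD, so refuse one outright: that rules out
    # entity-expansion and external-entity input before parsing starts.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD declarations are not accepted")
    root = ET.fromstring(xml_text)
    out = []
    for sa in root.iter("SecurityAnnouncement"):
        cves = texts(sa, "ApplicableAdvisories/ApplicableAdvisory")
        if not all(CVE_RE.fullmatch(c) for c in cves):
            raise ValueError(f"malformed advisory id in {cves!r}")
        updates = {}
        for plat in sa.findall("SecurityUpdates/Platform"):
            for dist in plat.findall("Distribution"):
                key = (dist.get("release"), plat.get("architecture"))
                updates[key] = texts(dist, "Update")
        out.append({
            "id": sa.get("announcementid"),
            "subject": sa.findtext("Subject", default=""),
            "impact": int(sa.findtext("ImpactLevel", default="0")),
            "platforms": texts(sa, "AffectedPlatforms/AffectedPlatform"),
            "cves": cves,
            "updates": updates,
        })
    return out


def updates_for(announcement, release, arch):
    """Update URLs for one host, or [] if its release is not affected."""
    if release not in announcement["platforms"]:
        return []
    urls = announcement["updates"].get((release, arch), [])
    for url in urls:
        parts = urlsplit(url)
        if (parts.scheme not in ("http", "https") or parts.hostname != ALLOWED_HOST
                or not parts.path.endswith(".rpm")):
            raise ValueError(f"untrusted update URL: {url!r}")
    return urls
```

The host check only filters where a package is fetched from; the RPM signature check done by the package manager is still what establishes that the package is genuine.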

We have been working silently for six (6) years now, diligently trying to achieve the desired goal of helping to pave the way for openSUSE use throughout the public sector. I believe that, through advancements within the information security area of openSUSE Linux computing, more individuals are likely to adopt and appreciate the vast contributions that the openSUSE community makes on a daily basis.

If you think of a good name for us to tag onto this new resource, please let us know! Comments are welcome and appreciated!


One Response to “Securing the future of openSUSE”

  1. Marcus Meissner

    http://support.novell.com/security/oval/ exists and you know it, but completely fail to mention it?