Distro: AlmaLinux
Add support for ingesting AlmaLinux into the command line component for vuln-list ingestion.
AlmaLinux is a distribution created to close the gap left by the discontinuation of CentOS.
Trivy Ingestion Code
- https://github.com/aquasecurity/trivy-db/blob/main/pkg/vulnsrc/alma/alma.go
- https://github.com/aquasecurity/trivy-db/blob/main/pkg/vulnsrc/alma/types.go
Ingestion
- Organization: `/alma/<distro major version e.g. 8, 9>/<year 2022, 2023>/`
  - Example: `/alma/9/2023`
  - Folder of JSON files named with ALSA vulnerability identifier (`ALSA-2023:0005.json`)
- Mapping to CVE
  - Find in `references`:
    - `type==cve`
    - return `id`
- Fixed Version
  - `pkglist.packages`: a list of updated packages containing the fix
    - The packages array may contain multiple entries for a single package, one per architecture.
      - The trivy code filters out architectures that are not `noarch` or `x86_64`.
    - The packages array may contain multiple packages that are impacted.
    - If an older version of the advisory has been ingested, the logic is to pick the newer fixed version IF it is less than the earlier fixed version.
- Normalizing severity:
  - `low` → low
  - `moderate` → medium
  - `important` → high
  - `critical` → critical
- Fixed Version construction
  - https://github.com/aquasecurity/trivy-db/blob/db9680195a7a130c30c80407bd34d53ebdc3d0b2/pkg/utils/utils.go#L17
  - if `epoch` ≠ 0 and is not empty: `epoch:`
  - `version`
  - if `release` ≠ "": `-release`
  - Example:
    - Example with epoch
      - `epoch` "1", `version` "5.15.29", `release` "16.111.amzn2022" → `1:5.15.29-16.111.amzn2022`
    - Example without epoch
      - `epoch` "0", `version` "5.15.29", `release` "16.111.amzn2022" → `5.15.29-16.111.amzn2022`
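The CVE mapping, architecture filter and fixed-version construction rules above, as an added Go example; this is not Trivy's code or this project's code. The names `erratum`, `fixedVersion` and `mapAdvisory` and the sample advisory (placeholder package names and IDs) are assumptions made for illustration, and severity normalization is left out.

```go
package main

import (
	"encoding/json"
	"fmt"
)

type erratum struct { // only the advisory fields the rules above read
	Pkglist    struct{ Packages []struct{ Name, Version, Release, Epoch, Arch string } }
	References []struct{ Type, ID string }
}

// sample is a constructed advisory in the ALSA layout (placeholder names and IDs).
const sample = `{"references":[{"type":"rhsa","id":"RHSA-2099:0001"},{"type":"cve","id":"CVE-2099-0001"}],
 "pkglist":{"packages":[{"name":"examplepkg","version":"1.12.20","release":"7.el9","epoch":"1","arch":"s390x"},
  {"name":"examplepkg","version":"1.12.20","release":"7.el9","epoch":"1","arch":"x86_64"},
  {"name":"examplepkg-doc","version":"1.12.20","release":"7.el9","epoch":"0","arch":"noarch"}]}}`

// fixedVersion builds [epoch:]version[-release]; an epoch of "0" or "" is omitted.
func fixedVersion(epoch, version, release string) string {
	if epoch != "" && epoch != "0" {
		version = epoch + ":" + version
	}
	if release != "" {
		version += "-" + release
	}
	return version
}

// mapAdvisory returns the advisory's CVE IDs and a package -> fixed version map.
func mapAdvisory(raw string) (cves []string, fixed map[string]string, err error) {
	var e erratum
	if err = json.Unmarshal([]byte(raw), &e); err != nil {
		return nil, nil, err
	}
	fixed = map[string]string{}
	for _, r := range e.References {
		if r.Type == "cve" { // rhsa, bugzilla and self references are ignored
			cves = append(cves, r.ID)
		}
	}
	for _, p := range e.Pkglist.Packages {
		if p.Arch == "noarch" || p.Arch == "x86_64" { // other architectures are skipped
			fixed[p.Name] = fixedVersion(p.Epoch, p.Version, p.Release)
		}
	}
	return cves, fixed, nil
}

func main() { fmt.Println(mapAdvisory(sample)) }
```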
Examples
Example 1
{
"_id": {},
"bs_repo_id": {},
"updateinfo_id": "ALSA-2023:0005",
"description": "The Byte Code Engineering Library (Apache Commons BCEL) is intended to give users a convenient way to analyze, create, and manipulate (binary) Java class files (those ending with .class).\n\nSecurity Fix(es):\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"fromstr": "packager@almalinux.org",
"issued_date": {
"$date": 1672617600000
},
"pkglist": {
"name": "almalinux-9-for-i686-appstream-rpms__9_1_default",
"shortname": "almalinux-9-for-i686-appstream-rpms__9_1_default",
"packages": [
{
"name": "bcel",
"version": "6.4.1",
"release": "9.el9_1",
"epoch": "0",
"arch": "noarch",
"src": "bcel-6.4.1-9.el9_1.src.rpm",
"filename": "bcel-6.4.1-9.el9_1.noarch.rpm",
"sum": "a39a659c1e56d24d1b8070a45638ed96873ac5e2eae6c7652ba72237212611b9",
"sum_type": 5,
"reboot_suggested": 0
}
],
"module": {}
},
"pushcount": "1",
"references": [
{
"href": "https://access.redhat.com/errata/RHSA-2023:0005",
"type": "rhsa",
"id": "RHSA-2023:0005",
"title": "RHSA-2023:0005"
},
{
"href": "https://access.redhat.com/security/cve/CVE-2022-42920",
"type": "cve",
"id": "CVE-2022-42920",
"title": "CVE-2022-42920"
},
{
"href": "https://bugzilla.redhat.com/2142707",
"type": "bugzilla",
"id": "2142707",
"title": ""
},
{
"href": "https://errata.almalinux.org/9/ALSA-2023-0005.html",
"type": "self",
"id": "ALSA-2023:0005",
"title": "ALSA-2023:0005"
}
],
"release": "0",
"rights": "Copyright 2023 AlmaLinux OS",
"severity": "Important",
"solution": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"status": "final",
"summary": "bcel security update",
"title": "Important: bcel security update",
"type": "security",
"updated_date": {
"$date": 1672818149000
},
"version": "1"
}
Example 2
{
"_id": {},
"bs_repo_id": {},
"updateinfo_id": "ALSA-2023:0335",
"description": "D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.\n\nSecurity Fix(es):\n\n* dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets (CVE-2022-42010)\n* dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type (CVE-2022-42011)\n* dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with \"foreign\" endianness correctly (CVE-2022-42012)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"fromstr": "packager@almalinux.org",
"issued_date": {
"$date": 1674432000000
},
"pkglist": {
"name": "almalinux-9-for-i686-appstream-rpms__9_1_default",
"shortname": "almalinux-9-for-i686-appstream-rpms__9_1_default",
"packages": [
{
"name": "dbus-devel",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "i686",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-devel-1.12.20-7.el9_1.i686.rpm",
"sum": "c97a2b53d1e239d3ee880222cfdcbdf1313303a277cf692261e303b1b3acd3f4",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-daemon",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "ppc64le",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-daemon-1.12.20-7.el9_1.ppc64le.rpm",
"sum": "1ec684db30d9a8e01de3d584d487bc75eec9583a27d6bc40be263ba61d2827e0",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-devel",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "ppc64le",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-devel-1.12.20-7.el9_1.ppc64le.rpm",
"sum": "86d2772e9d01a304f3468798e1e5f3869f643f4e759083f79671f8760c33148c",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-x11",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "ppc64le",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-x11-1.12.20-7.el9_1.ppc64le.rpm",
"sum": "8822f02d8b2085f08f6ec8c2219904e13af3b622de98b28a4bbabf94bed53c89",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-daemon",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "x86_64",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-daemon-1.12.20-7.el9_1.x86_64.rpm",
"sum": "73be12f0f0eb20913849e68e59892db8eeb8cdee2074a33a2f6350db4c9409dc",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-devel",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "x86_64",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-devel-1.12.20-7.el9_1.x86_64.rpm",
"sum": "b2d9698e946982a570fff94944a36feaad43686ce055530caca1bd939211f8c6",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-x11",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "x86_64",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-x11-1.12.20-7.el9_1.x86_64.rpm",
"sum": "c9a27e7070c3c3cd43453d4600eea41e92b8ea82bee69ae3b1e8784ab96aaabb",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-daemon",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "aarch64",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-daemon-1.12.20-7.el9_1.aarch64.rpm",
"sum": "e2be0b8fe93b5d3e54cb450c8e4fd6d3058860e80dd8478ba4114c2b9589e88e",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-x11",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "aarch64",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-x11-1.12.20-7.el9_1.aarch64.rpm",
"sum": "f3269a2b80bcba0bdaaa8964965991aeb2c20f21108125f74e21b2dbe2ef8a70",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-devel",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "aarch64",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-devel-1.12.20-7.el9_1.aarch64.rpm",
"sum": "fc347a6cc61644773377edf90cadc1030f66da2953d667408c80f94efb238116",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-common",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "noarch",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-common-1.12.20-7.el9_1.noarch.rpm",
"sum": "75c6f87a0f4bac8661f16fa322d5c14cc0f4438403a80262b68dab4d4055d1b2",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-libs",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "i686",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-libs-1.12.20-7.el9_1.i686.rpm",
"sum": "b40375a3eb52369ad3b9194ecae180cf27a7bb3630e8d0211a34700cf7375ac3",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-x11",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "s390x",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-x11-1.12.20-7.el9_1.s390x.rpm",
"sum": "7aef005697192435e2bb5d924f5d25633ed41c9be1104557828dca025ffc3a6e",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-devel",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "s390x",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-devel-1.12.20-7.el9_1.s390x.rpm",
"sum": "7dd2507adbf7fbd7a3a9fd6fddf3dceb712c08123a6eb779da963ed6ec3c54d4",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-daemon",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "s390x",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-daemon-1.12.20-7.el9_1.s390x.rpm",
"sum": "d64655c85529f988adeaca33daef71d797397e07ca20d9394e13ecafb10fe101",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "x86_64",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-1.12.20-7.el9_1.x86_64.rpm",
"sum": "25f533f01964ef3c86c74f18d23d15d7c45179b25cdf56415618f47690138e68",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-libs",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "x86_64",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-libs-1.12.20-7.el9_1.x86_64.rpm",
"sum": "423cf72ce1aa5d424d7137710f97dae6eda3fa3301381d1edd1eade8d108b108",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-tools",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "x86_64",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-tools-1.12.20-7.el9_1.x86_64.rpm",
"sum": "b0624e4aae4529b79579274a8438a8b4e573219830c738cc8efd20a38da6b14e",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-libs",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "ppc64le",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-libs-1.12.20-7.el9_1.ppc64le.rpm",
"sum": "6cf0eec5271be993648febbe52af400eae5f4ae822f35958d2bcd1234f9aacbe",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "ppc64le",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-1.12.20-7.el9_1.ppc64le.rpm",
"sum": "92197fc729c75ca6b4e553dc5c3a9aececec5b177f837ef384191b564208cca1",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-tools",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "ppc64le",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-tools-1.12.20-7.el9_1.ppc64le.rpm",
"sum": "b38bd1e4656fa63684d94fbdf0126cb26198eac50aed287f62a86d6258dbcef4",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-tools",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "s390x",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-tools-1.12.20-7.el9_1.s390x.rpm",
"sum": "b203d0e67bdd7ee7280b5bb229f3e6ac1f7f28142c4a7955931f4957df422e3e",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-libs",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "s390x",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-libs-1.12.20-7.el9_1.s390x.rpm",
"sum": "bb5b28ac29dca041bfed782f04cda743822f80a5c2d6aa2a81bbf61e32eb545b",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "s390x",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-1.12.20-7.el9_1.s390x.rpm",
"sum": "fa7b25df7c0a0f7f929f985c1ce081d9d24e623254cf62c446e1174a9a910663",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-libs",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "aarch64",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-libs-1.12.20-7.el9_1.aarch64.rpm",
"sum": "660bc42649e14387c460ea79300035c24311470452d833586120a859da6aa039",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus-tools",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "aarch64",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-tools-1.12.20-7.el9_1.aarch64.rpm",
"sum": "a89b5ab1b66bba971488828bc0f6c09408680b6363400ca60b9dc12d8815da05",
"sum_type": 5,
"reboot_suggested": 0
},
{
"name": "dbus",
"version": "1.12.20",
"release": "7.el9_1",
"epoch": "1",
"arch": "aarch64",
"src": "dbus-1.12.20-7.el9_1.src.rpm",
"filename": "dbus-1.12.20-7.el9_1.aarch64.rpm",
"sum": "c77d777ab0f149c564d10288a77960c4588fe372f3e3cd2055b9d5fa905c658d",
"sum_type": 5,
"reboot_suggested": 0
}
],
"module": {}
},
"pushcount": "1",
"references": [
{
"href": "https://access.redhat.com/errata/RHSA-2023:0335",
"type": "rhsa",
"id": "RHSA-2023:0335",
"title": "RHSA-2023:0335"
},
{
"href": "https://access.redhat.com/security/cve/CVE-2022-42010",
"type": "cve",
"id": "CVE-2022-42010",
"title": "CVE-2022-42010"
},
{
"href": "https://access.redhat.com/security/cve/CVE-2022-42011",
"type": "cve",
"id": "CVE-2022-42011",
"title": "CVE-2022-42011"
},
{
"href": "https://access.redhat.com/security/cve/CVE-2022-42012",
"type": "cve",
"id": "CVE-2022-42012",
"title": "CVE-2022-42012"
},
{
"href": "https://bugzilla.redhat.com/2133616",
"type": "bugzilla",
"id": "2133616",
"title": ""
},
{
"href": "https://bugzilla.redhat.com/2133617",
"type": "bugzilla",
"id": "2133617",
"title": ""
},
{
"href": "https://bugzilla.redhat.com/2133618",
"type": "bugzilla",
"id": "2133618",
"title": ""
},
{
"href": "https://errata.almalinux.org/9/ALSA-2023-0335.html",
"type": "self",
"id": "ALSA-2023:0335",
"title": "ALSA-2023:0335"
}
],
"release": "0",
"rights": "Copyright 2023 AlmaLinux OS",
"severity": "Moderate",
"solution": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"status": "final",
"summary": "dbus security update",
"title": "Moderate: dbus security update",
"type": "security",
"updated_date": {
"$date": 1674579701000
},
"version": "1"
}
Edited by Michael Eddington