need to fix 4 high vulnerability assessments about needing to update zlib 1.2.8
Thomas Ward
teward at ubuntu.com
Tue Oct 10 22:31:31 UTC 2017
Consider that vulnerability scanners are 99% of the time **unaware** of
how the Ubuntu Security Team does updates.
Please compare what vulnerabilities are being reported against the
corresponding CVEs on the Security Team CVE tracker
(http://people.canonical.com/~ubuntu-security/cve/) and then depending
on whether it's reported as fixed or not, adjust your rules for those
detections. (I do this in Nessus - with individual scans of my Ubuntu
infrastructure adjusted on a per-host basis so that it doesn't trigger
on certain events, because it's already resolved but the scanners are
unable to actually recognize it).
Thomas
Ubuntu Server Team Member
LP: ~teward
On 10/10/2017 04:54 PM, Thomas Gertin wrote:
> Hello,
>
> I am getting 4 high vulnerability assessments from my Common
> Vulnerabilities and Exposures-1.1 rules package. They all recommend
> updating my zlib package. I have updated my zlib package and it is
> up-to-date with version 1.2.8. However, it still produces the same
> vulnerability assessments, and I think I may need to update it
> further. I have Ubuntu 14.04.5 LTS. Can anybody help on how to do
> this?
>
> Thanks,
>
> Tom
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20171010/154fd714/attachment.html>
More information about the Ubuntu-devel-discuss
mailing list