[ubuntu-hardened] OVAL shows vulnerabilities when software is not installed
Jesus Linares
jesus at wazuh.com
Tue Oct 25 11:12:15 UTC 2016
Hi,
OVAL files are failing again. It is due to the following error:
> File 'com.ubuntu.xenial.cve.oval.xml' line 65535: Element '{
> http://oval.mitre.org/XMLSchema/oval-definitions-5}criterion', attribute
> 'negate': 'True' is not a valid value of the atomic type 'xs:boolean'.
I think it could be fixed by changing "*T*rue" for "*t*rue".
Regards.
On Mon, Oct 24, 2016 at 9:51 AM, Jesus Linares <jesus at wazuh.com> wrote:
> Thanks!. I'm glad to help.
>
> Regards.
>
> On Mon, Oct 24, 2016 at 4:59 AM, Steve Beattie <sbeattie at ubuntu.com>
> wrote:
>
>> On Thu, Oct 20, 2016 at 05:38:01PM +0200, Jesus Linares wrote:
>> > you are right, if the test had "negate", it would be false. So, openscap
>> > will not show it as a vulnerability. I do not understand why the py
>> script
>> > does not print the "negate" string.
>> >
>> > Also, why create a test that always return false?.
>>
>> This was due to a bug in the OVAL data generator script that caused
>> negate attribute to never show up. Thanks to a suggested fix by David
>> Ries, these should now be emitted properly.
>>
>> > is this list the proper site to talk about the oval files of Ubuntu?.
>> > Right now, these oval files are totally useless due to this issue.
>>
>> Yes, this list is the proper place to discuss the OVAL files.
>> Thanks for the interest in them.
>>
>> --
>> Steve Beattie
>> <sbeattie at ubuntu.com>
>> http://NxNW.org/~steve/
>>
>> --
>> ubuntu-hardened mailing list
>> ubuntu-hardened at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
>>
>>
>
>
> --
> *Jesus Linares*
> *IT Security Engineer*
>
>
--
*Jesus Linares*
*IT Security Engineer*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20161025/2ea3fe7d/attachment.html>
More information about the ubuntu-hardened
mailing list