[ubuntu-hardened] OVAL shows vulnerabilities when software is not installed
jesus at wazuh.com
Tue Jul 4 17:50:57 UTC 2017
I'm testing the OVAL files for Xenial 16.04 (updated) again and OpenSCAP
reports 1750 *fails*... Something weird is happening. I will check out this
issue again, but I would appreciate any help.
Here is an example:
> <linux-def:dpkginfo_test id="oval:com.ubuntu.xenial:tst:20176919000"
> version="1" check_existence="any_exist" check="all" comment="*Returns
> true whether or not the 'drupal7' package exists.*">
> <linux-def:object object_ref="oval:com.ubuntu.xenial:obj:20076752000"/>
> <linux-def:dpkginfo_object id="oval:com.ubuntu.xenial:obj:20076752000"
> version="1" comment="The 'drupal7' package.">
If the check always returns true, it doesn't make sense...
On Wed, Nov 2, 2016 at 11:29 AM, Jesus Linares <jesus at wazuh.com> wrote:
> this is from the specific CVE: xenial_libapache-mod-jk: not-affected (1:
> So, if it is not affected for xenial, the check should include the
> "negate" in order to return that it is not a vulnerability, right?
> On Fri, Oct 28, 2016 at 9:10 PM, Seth Arnold <seth.arnold at canonical.com>
>> On Fri, Oct 28, 2016 at 11:19:21AM +0200, Jesus Linares wrote:
>> > I think this test should have the "negate" due to the comment "While
>> > related to the CVE in some way, the 'libapache-mod-jk' package in*
>> > is not affected*". So, maybe the input of the script is wrong? Where is
>> > the input?
>> The input is from the ubuntu-cve-tracker bzr tree;
>> In the case of this specific CVE:
> *Jesus Linares*
> *IT Security Engineer*
*IT Security Engineer*
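
An added example, not part of the original message or of the Ubuntu OVAL generator: a Python audit that lists definitions whose criterion points at a `dpkginfo_test` with `check_existence="any_exist"` and no state (true whether or not the package is installed) without `negate="true"`. The `oval:example:...` ids and the function names are constructed for illustration; the check looks only at `negate` on the criterion itself, not on enclosing `criteria` or `extend_definition` elements.

```python
import xml.etree.ElementTree as ET

OVAL = "{http://oval.mitre.org/XMLSchema/oval-definitions-5}"
LINUX = "{http://oval.mitre.org/XMLSchema/oval-definitions-5#linux}"
# Constructed sample modelled on the quoted test; the oval:example ids are made up.
SAMPLE = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
  xmlns:linux-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
 <definitions>
  <definition id="oval:example:def:1" version="1" class="vulnerability">
   <criteria><criterion test_ref="oval:com.ubuntu.xenial:tst:20176919000"/></criteria>
  </definition>
  <definition id="oval:example:def:2" version="1" class="vulnerability">
   <criteria><criterion negate="true" test_ref="oval:com.ubuntu.xenial:tst:20176919000"/></criteria>
  </definition>
  <definition id="oval:example:def:3" version="1" class="vulnerability">
   <criteria><criterion test_ref="oval:example:tst:3"/></criteria>
  </definition>
 </definitions>
 <tests>
  <linux-def:dpkginfo_test id="oval:com.ubuntu.xenial:tst:20176919000" version="1"
    check_existence="any_exist" check="all" comment="constructed copy, no state">
   <linux-def:object object_ref="oval:com.ubuntu.xenial:obj:20076752000"/>
  </linux-def:dpkginfo_test>
  <linux-def:dpkginfo_test id="oval:example:tst:3" version="1"
    check_existence="at_least_one_exists" check="all" comment="constructed">
   <linux-def:object object_ref="oval:example:obj:3"/>
   <linux-def:state state_ref="oval:example:ste:3"/>
  </linux-def:dpkginfo_test>
 </tests>
</oval_definitions>"""

def always_true_tests(root):
    """Ids of dpkginfo tests that pass whether or not the package is installed."""
    return {t.get("id") for t in root.iter(LINUX + "dpkginfo_test")
            if t.get("check_existence") == "any_exist"
            and t.find(LINUX + "state") is None}  # no state: existence decides alone

def unnegated_hits(xml_text):
    """(definition id, test id) pairs where such a test is used without negate."""
    root = ET.fromstring(xml_text)
    trivial = always_true_tests(root)
    # xsd:boolean allows "true" or "1"; a missing attribute defaults to false.
    return [(d.get("id"), c.get("test_ref"))
            for d in root.iter(OVAL + "definition")
            for c in d.iter(OVAL + "criterion")
            if c.get("test_ref") in trivial and c.get("negate") not in ("true", "1")]

if __name__ == "__main__":
    for def_id, test_id in unnegated_hits(SAMPLE):
        print(f"{def_id}: {test_id} always passes and is not negated")
```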