[ubuntu-hardened] OVAL show tons of Unknown and Vulnerable installed packages

Johan Ryberg johan at securit.se
Mon May 15 14:04:14 UTC 2017


I'm running fully patched Ubuntu 16.04 servers and I'm about to
validate Open SCAP but I'm not getting trustworthy results.

I'm using the latest
https://people.canonical.com/~ubuntu-security/oval/ and are using
correct file.

Thousands of packages that are not installed are shown as Unknown or Vulnerable

Is there any known issues with the xml?

Best regards Johan

More information about the ubuntu-hardened mailing list