[ubuntu-hardened] OVAL show tons of Unknown and Vulnerable installed packages

Steve Beattie sbeattie at ubuntu.com
Fri May 19 18:49:12 UTC 2017

Hi Johan,

On Mon, May 15, 2017 at 04:04:14PM +0200, Johan Ryberg wrote:
> I'm running fully patched Ubuntu 16.04 servers and I'm about to
> validate Open SCAP but I'm not getting trustworthy results.
> I'm using the latest
> https://people.canonical.com/~ubuntu-security/oval/ and are using
> correct file.
> Thousands of packages that are not installed are shown as Unknown or Vulnerable
> Is there any known issues with the xml?

We're probably doing something incorrectly in how we generate the OVAL

Can you give an example of how you're invoking Open SCAP?


Steve Beattie
<sbeattie at ubuntu.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20170519/1ad5621d/attachment.pgp>

More information about the ubuntu-hardened mailing list