<div dir="ltr">Hi all,<div><br></div><div>the files have the correct syntax. But I am still getting "vulnerabilities" related to software that I do not have installed.</div><div><br></div><div>Example:</div><div>-----------</div><div><div><definition class="vulnerability" id="oval:com.ubuntu.xenial:def<wbr>:20148111000" version="1"></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><metadata></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><title>CVE-2014-8111 on Ubuntu 16.04 LTS (xenial) - medium.</title></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><description>Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.</description></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><affected family="unix"></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><platform>Ubuntu 16.04 LTS</platform></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></affected></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><reference source="CVE" ref_id="CVE-2014-8111" ref_url="<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8111" target="_blank">https://cve.mitre.org<wbr>/cgi-bin/cvename.cgi?name=CVE-<wbr>2014-8111</a>" /></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> 
</span><advisory></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><severity>Medium</severity></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><rights>Copyright (C) 2015 Canonical Ltd.</rights></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><public_date>2015-04-21</publi<wbr>c_date></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><ref><a href="http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8111.html" target="_blank">http://people.canonical.c<wbr>om/~ubuntu-security/cve/2014/C<wbr>VE-2014-8111.html</a></ref></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><ref><a href="http://rhn.redhat.com/errata/RHSA-2015-0849.html" target="_blank">http://rhn.redhat.com/err<wbr>ata/RHSA-2015-0849.html</a></ref></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><ref><a href="http://rhn.redhat.com/errata/RHSA-2015-0848.html" target="_blank">http://rhn.redhat.com/err<wbr>ata/RHSA-2015-0848.html</a></ref></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><ref><a href="http://rhn.redhat.com/errata/RHSA-2015-0847.html" target="_blank">http://rhn.redhat.com/err<wbr>ata/RHSA-2015-0847.html</a></ref></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><ref><a href="http://rhn.redhat.com/errata/RHSA-2015-0846.html" target="_blank">http://rhn.redhat.com/err<wbr>ata/RHSA-2015-0846.html</a></ref></div><div><span 
class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></advisory></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></metadata></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><criteria></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><extend_definition definition_ref="oval:com.ubunt<wbr>u.xenial:def:100" comment="Ubuntu 16.04 LTS (xenial) is installed." applicability_check="true" /></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><criterion test_ref="oval:com.ubuntu.xeni<wbr>al:tst:20148111000" comment="While related to the CVE in some way, the 'libapache-mod-jk' package in xenial is not affected (note: '1:1.2.40+svn150520-1')." 
/></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span></criteria></div><div></definition></div><div><br></div><div><linux-def:dpkginfo_test id="oval:com.ubuntu.xenial:tst<wbr>:20148111000" version="1" check_existence="any_exist" check="all" comment="Returns true whether or not the 'libapache-mod-jk' package exists."></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><linux-def:object object_ref="oval:com.ubuntu.xe<wbr>nial:obj:20148111000"/></div><div></linux-def:dpkginfo_test></div><div><br></div><div><linux-def:dpkginfo_object id="oval:com.ubuntu.xenial:obj<wbr>:20148111000" version="1" comment="The 'libapache-mod-jk' package."></div><div><span class="m_-3423892557967202379gmail-m_-602069060178790684gmail-Apple-tab-span" style="white-space:pre-wrap"> </span><linux-def:name>libapache-mod-<wbr>jk</linux-def:name></div><div></linux-def:dpkginfo_object></div></div><div>---------------</div><div><br></div><div>OpenSCAP shows that my system has that vulnerability, but I do not have "libapache-mod-jk" installed (I tested it with dpkg -l | grep -i apache).</div><div><br></div><div>I think this test should have the "negate" due to the comment "While related to the CVE in some way, the 'libapache-mod-jk' package in <b>xenial is not affected</b>". So, maybe the input of the script is wrong? Where is the input?</div><div><br></div><div>Thanks.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 25, 2016 at 6:51 PM, Steve Beattie <span dir="ltr"><<a href="mailto:sbeattie@ubuntu.com" target="_blank">sbeattie@ubuntu.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Tue, Oct 25, 2016 at 01:12:15PM +0200, Jesus Linares wrote:<br>
> OVAL files are failing again. It is due to the following error:<br>
><br>
> > File 'com.ubuntu.xenial.cve.oval.<wbr>xml' line 65535: Element '{<br>
> > <a href="http://oval.mitre.org/XMLSchema/oval-definitions-5}criterion" rel="noreferrer" target="_blank">http://oval.mitre.org/<wbr>XMLSchema/oval-definitions-5}<wbr>criterion</a>', attribute<br>
> > 'negate': 'True' is not a valid value of the atomic type 'xs:boolean'.<br>
><br>
><br>
</span>> I think it could be fixed by changing "*T*rue" for "*t*rue".<br>
<br>
Ah nice catch. I've fixed it and caused the OVAL files to be<br>
regenerated, and verified them with "oscap oval validate".<br>
<br>
Thanks!<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Steve Beattie<br>
<<a href="mailto:sbeattie@ubuntu.com">sbeattie@ubuntu.com</a>><br>
<a href="http://NxNW.org/~steve/" rel="noreferrer" target="_blank">http://NxNW.org/~steve/</a><br>
</div></div><br>--<br>
ubuntu-hardened mailing list<br>
<a href="mailto:ubuntu-hardened@lists.ubuntu.com">ubuntu-hardened@lists.ubuntu.<wbr>com</a><br>
<a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened" rel="noreferrer" target="_blank">https://lists.ubuntu.com/<wbr>mailman/listinfo/ubuntu-<wbr>hardened</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><b style="font-size:12.8px"><font color="#0b5394">Jesus Linares</font></b><div style="font-size:12.8px"><i><font color="#999999">IT Security Engineer</font></i></div></div></div>
</div>
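<div>Added example, not part of the original messages or of the Ubuntu OVAL generator: a Python check for the two conditions discussed in this thread, a <code>negate</code> value outside the xs:boolean lexical space and a non-negated criterion that points at a dpkginfo test which passes whether or not the package exists. The sample XML is constructed from the definition quoted above; the <code>oval:example:*</code> ids and the <code>audit</code> function name are assumptions.</div>

```python
import xml.etree.ElementTree as ET

OVAL = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
LINUX = OVAL + "#linux"
XS_BOOLEAN = {"true", "false", "1", "0"}  # the only lexical forms of xs:boolean
TST = "oval:com.ubuntu.xenial:tst:20148111000"  # test id quoted in the message

# Constructed sample: first definition mirrors the message, oval:example:* are made up.
SAMPLE = f"""<oval_definitions xmlns="{OVAL}" xmlns:linux-def="{LINUX}">
 <definitions>
  <definition class="vulnerability" id="oval:com.ubuntu.xenial:def:20148111000">
   <criteria><criterion test_ref="{TST}"/></criteria>
  </definition>
  <definition class="vulnerability" id="oval:example:def:2">
   <criteria><criterion test_ref="oval:example:tst:2" negate="True"/></criteria>
  </definition>
  <definition class="vulnerability" id="oval:example:def:3">
   <criteria><criterion test_ref="{TST}" negate="true"/></criteria>
  </definition>
 </definitions>
 <tests>
  <linux-def:dpkginfo_test id="{TST}" check_existence="any_exist" check="all">
   <linux-def:object object_ref="oval:com.ubuntu.xenial:obj:20148111000"/>
  </linux-def:dpkginfo_test>
 </tests>
</oval_definitions>"""

def audit(xml_text):
    root = ET.fromstring(xml_text)
    # any_exist with no <state> child passes whether or not the package is installed.
    always_true = {
        t.get("id") for t in root.iter(f"{{{LINUX}}}dpkginfo_test")
        if t.get("check_existence") == "any_exist"
        and t.find(f"{{{LINUX}}}state") is None
    }
    findings = []  # (definition id, finding, detail) in document order
    for d in root.iter(f"{{{OVAL}}}definition"):
        for c in d.iter(f"{{{OVAL}}}criterion"):
            negate = c.get("negate", "false")  # schema default is false
            if negate not in XS_BOOLEAN:
                findings.append((d.get("id"), "invalid-boolean", negate))
            elif negate in ("false", "0") and c.get("test_ref") in always_true:
                findings.append((d.get("id"), "always-true", c.get("test_ref")))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```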