<div dir="ltr">Hi,<div><br></div><div>I'm testing the OVAL files for Xenial 16.04 (updated) again and OpenSCAP reports 1750 <i>fails</i>... Something weird is happening. I will check out this issue again, but I would appreciate any help.</div><div><br></div><div>Here is an example:</div>
<div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">&lt;linux-def:dpkginfo_test id="oval:com.ubuntu.xenial:tst:20176919000" version="1" check_existence="any_exist" check="all" comment="<b>Returns true whether or not the 'drupal7' package exists.</b>"&gt;<br><span style="white-space:pre"> </span>&lt;linux-def:object object_ref="oval:com.ubuntu.xenial:obj:20076752000"/&gt;<br>&lt;/linux-def:dpkginfo_test&gt;<br>&lt;linux-def:dpkginfo_object id="oval:com.ubuntu.xenial:obj:20076752000" version="1" comment="The 'drupal7' package."&gt;<br><span style="white-space:pre">        </span>&lt;linux-def:name&gt;drupal7&lt;/linux-def:name&gt;<br>&lt;/linux-def:dpkginfo_object&gt;</blockquote></div>
<div><br></div><div>If the check always returns true, it doesn't make sense...</div><div><br></div><div>Thanks.</div><div>Regards.</div><div><br></div><div><br></div></div>
<div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 2, 2016 at 11:29 AM, Jesus Linares <span dir="ltr">&lt;<a href="mailto:jesus@wazuh.com" target="_blank">jesus@wazuh.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>This is from the specific CVE: <span style="font-family:monospace">xenial_libapache-mod-jk: not-affected (1:1.2.40+svn150520-1)</span></div><div><br></div><div>So, if it is not affected for xenial, the check should include the "negate" in order to return that it is not a vulnerability, right?</div><div><br></div><div>Regards.</div><div><br></div></div>
<div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Fri, Oct 28, 2016 at 9:10 PM, Seth Arnold <span dir="ltr">&lt;<a href="mailto:seth.arnold@canonical.com" target="_blank">seth.arnold@canonical.com</a>&gt;</span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><span>On Fri, Oct 28, 2016 at 11:19:21AM +0200, Jesus Linares wrote:<br>
> I think this test should have the "negate" due to the comment "While<br>
</span>> related to the CVE in some way, the 'libapache-mod-jk' package in* xenial<br>
> is not affected*". So, maybe the input of the script is wrong? Where is<br>
> the input?<br>
<br>
The input is from the ubuntu-cve-tracker bzr tree;<br>
<br>
<a href="https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master" rel="noreferrer" target="_blank">https://code.launchpad.net/~ub<wbr>untu-security/ubuntu-cve-track<wbr>er/master</a><br>
<br>
In the case of this specific CVE:<br>
<br>
<a href="http://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master/view/head:/active/CVE-2014-8111" rel="noreferrer" target="_blank">http://bazaar.launchpad.net/~u<wbr>buntu-security/ubuntu-cve-trac<wbr>ker/master/view/head:/active/<wbr>CVE-2014-8111</a><br>
<br>
Thanks<br>
<br></div></div><span class="">--<br>
ubuntu-hardened mailing list<br>
<a href="mailto:ubuntu-hardened@lists.ubuntu.com" target="_blank">ubuntu-hardened@lists.ubuntu.c<wbr>om</a><br>
<a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailm<wbr>an/listinfo/ubuntu-hardened</a><br>
<br></span></blockquote></div><span class=""><br><br clear="all"><div><br></div>-- <br><div class="m_8911438507652353542gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><b style="font-size:12.8px"><font color="#0b5394">Jesus Linares</font></b><div style="font-size:12.8px"><i><font color="#999999">IT Security Engineer</font></i></div><div style="font-size:12.8px"><i><font color="#999999"><img src="https://docs.google.com/uc?export=download&id=0Bx75KsPzHxO_THFpRzBONGpoeWs&revid=0Bx75KsPzHxO_aG5WOW1OU3p3V3JOVUczVDlPViszMTdGZUtrPQ" width="96" height="16"><br></font></i></div></div></div>
</span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><b style="font-size:12.8px"><font color="#0b5394">Jesus Linares</font></b><div style="font-size:12.8px"><i><font color="#999999">IT Security Engineer</font></i></div><div style="font-size:12.8px"><i><font color="#999999"><img src="https://docs.google.com/uc?export=download&id=0Bx75KsPzHxO_THFpRzBONGpoeWs&revid=0Bx75KsPzHxO_aG5WOW1OU3p3V3JOVUczVDlPViszMTdGZUtrPQ" width="96" height="16"><br></font></i></div></div></div>
</div>
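<div>Added example, not part of the original thread and not the code of the script that generates these files: a static check over an OVAL definitions file for the pattern discussed above, a dpkginfo_test with check_existence="any_exist" and no state, referenced by a criterion that lacks negate. The oval:example:* ids and the function names are assumptions for illustration; the sample XML is constructed and omits the metadata a real file carries.</div>

```python
import xml.etree.ElementTree as ET

OVAL = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
NS = {"oval": OVAL, "linux": OVAL + "#linux"}

# Constructed, trimmed sample. Only the drupal7 test is taken from the thread;
# the oval:example:* definitions, test and state reference are made up.
SAMPLE = f"""<oval_definitions xmlns="{OVAL}" xmlns:linux-def="{OVAL}#linux">
 <definitions>
  <definition id="oval:example:def:1" class="vulnerability"><criteria>
   <criterion test_ref="oval:com.ubuntu.xenial:tst:20176919000"/></criteria></definition>
  <definition id="oval:example:def:2" class="vulnerability"><criteria>
   <criterion test_ref="oval:com.ubuntu.xenial:tst:20176919000" negate="true"/>
  </criteria></definition>
  <definition id="oval:example:def:3" class="vulnerability"><criteria>
   <criterion test_ref="oval:example:tst:3"/></criteria></definition>
 </definitions>
 <tests>
  <linux-def:dpkginfo_test id="oval:com.ubuntu.xenial:tst:20176919000"
    version="1" check_existence="any_exist" check="all">
   <linux-def:object object_ref="oval:com.ubuntu.xenial:obj:20076752000"/>
  </linux-def:dpkginfo_test>
  <linux-def:dpkginfo_test id="oval:example:tst:3" version="1" check="all">
   <linux-def:object object_ref="oval:com.ubuntu.xenial:obj:20076752000"/>
   <linux-def:state state_ref="oval:example:ste:3"/>
  </linux-def:dpkginfo_test>
 </tests>
</oval_definitions>"""


def always_true_tests(root):
    """IDs of dpkginfo tests that pass whether or not the package exists."""
    # check_existence defaults to at_least_one_exists when the attribute is absent.
    return {t.get("id") for t in root.iterfind(".//linux:dpkginfo_test", NS)
            if t.get("check_existence", "at_least_one_exists") == "any_exist"
            and t.find("linux:state", NS) is None}


def unconditional_definitions(root):
    """Definitions holding a non-negated criterion on an always-true test."""
    trivial = always_true_tests(root)
    def hit(crit):
        return (crit.get("test_ref") in trivial
                and crit.get("negate", "false") not in ("true", "1"))
    return [d.get("id") for d in root.iterfind(".//oval:definition", NS)
            if any(hit(c) for c in d.iterfind(".//oval:criterion", NS))]


if __name__ == "__main__":
    print(unconditional_definitions(ET.fromstring(SAMPLE)))
```

<div>A definition listed here is only a lead: whether it evaluates to true as a whole still depends on the operators of its enclosing criteria.</div>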