False positives (negatives?) received on nvts due to ubuntu fips packages not being understood by Notus #552

Open
mguzsklk opened this issue Oct 31, 2023 · 1 comment

Comments

@mguzsklk

Hi,

I'm using the latest community edition of Greenbone and have discovered that my FIPS-compliant hosts are being reported as having vulnerabilities due to the scanner not interpreting the fips in the package names.
For example:

Detection Result
Vulnerable package:   openssl
Installed version:    openssl-1.1.1f-1ubuntu2.fips.18
Fixed version:      >=openssl-1.1.1f-1ubuntu2.15

I posted a question on the community board about this and they asked me to open an issue with you.

Let me know if you need more information.

Cheers

Mark Guz

@cfi-gb
Member

cfi-gb commented Oct 31, 2023

Related to: #313 (Something similar solved for RPM based package checks)
