
Re: Openscap & rules "oval:org.debian.oval:obj:225"



$ sudo apt-get update
$ sudo apt-get install linux-image-amd64

This will install the updated kernel release package
linux-image-3.16.0-5-amd64 on Debian 8 and linux-image-4.9.0-5-amd64
on Debian 9.

Boot into the new kernel and you should see 3.16.51-3+deb8u1 for
Debian 8 Jessie and 4.9.65-3+deb9u2 for Debian 9 -
# uname -srv
Linux 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08)
# uname -srv
Linux 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04)

https://security-tracker.debian.org/tracker/CVE-2017-5754

On Thu, Jan 11, 2018 at 3:43 PM, Poil <poil@quake.fr> wrote:
> I think you're right, but I'm missing another thing:
>
> On all my servers I have "Linux-image-3.2.0-4-amd64" "3.2.65-1+deb7u2"
> installed via the metapackage "linux-image-amd64"
> (https://packages.debian.org/fr/wheezy/amd64/linux-image-amd64/download)
>
> But when checking security there are other packages named
> Linux-image-3.2.0-4-amd64 and Linux-image-3.2.0-5-amd64
> (https://packages.debian.org/search?suite=wheezy&section=all&arch=any&searchon=names&keywords=linux-image-3.2)
> So I have one based on "linux-latest" and the latest update is based on
> "linux"
> http://security.debian.org/debian-security/pool/updates/main/l/linux-latest/linux-image-amd64_3.2+46+deb7u1_amd64.deb
> http://security.debian.org/debian-security/pool/updates/main/l/linux/linux-image-3.2.0-4-amd64_3.2.96-2_amd64.deb
> http://security.debian.org/debian-security/pool/updates/main/l/linux/linux-image-3.2.0-5-amd64_3.2.96-3_amd64.deb
>
> And apt-get (dist-)upgrade doesn't detect that packages from "Linux" are
> updates of "Linux-latest"
>
> I don't understand why. Is the metapackage linux-image-amd64 fucked, or is
> it normal?
>
> Best regards,
>
>
> On 11/01/2018 at 01:43, ultract wrote:
>
> I guess "linux" is a name for a source package.
> (You can check on debian security tracker site)
> "linux-image-XXX" are names for binary packages like *.deb.
>
> Regards
> Junghwan Kang
>
> -----Original Message-----
> From: Poil [mailto:poil@quake.fr]
> Sent: Thursday, January 11, 2018 4:38 AM
> To: debian-security@lists.debian.org
> Subject: Openscap & rules "oval:org.debian.oval:obj:225"
>
> Hi,
>
> On my servers oscap, with an OVAL database from
> https://www.debian.org/security/oval/, is unable to match
> CVE-2017-5754/5753/5715
>
> I have to patch the rule "oval:org.debian.oval:obj:225" in the OVAL DB, to
> have a match (linux to linux-image-amd64).
>
> I don't understand why, there is no package named "linux" (...) Does anyone
> have a match without patching this rule? Am I missing something?
>
> Best regards,
> Poil
>
> Patch
>
>      <dpkginfo_object id="oval:org.debian.oval:obj:225" version="1"
> xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
>        <name>linux</name>
>      </dpkginfo_object>
>
> to
>
>      <dpkginfo_object id="oval:org.debian.oval:obj:225" version="1"
> xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
>        <name>linux-image-amd64</name>
>      </dpkginfo_object>
>
>
> # dpkg -l "linux*"
>
> ii  linux-base                         3.5              all    Linux image base package
> un  linux-doc-3.2                      <none>                  (no description available)
> un  linux-headers                      <none>                  (no description available)
> un  linux-headers-686-pae              <none>                  (no description available)
> un  linux-headers-amd64                <none>                  (no description available)
> un  linux-headers-generic              <none>                  (no description available)
> un  linux-image                        <none>                  (no description available)
> un  linux-image-2.6-amd64              <none>                  (no description available)
> un  linux-image-2.6-openvz-amd64       <none>                  (no description available)
> un  linux-image-2.6-vserver-amd64      <none>                  (no description available)
> un  linux-image-2.6-xen-amd64          <none>                  (no description available)
> ii  linux-image-3.2.0-4-amd64          3.2.65-1+deb7u2  amd64  Linux 3.2 for 64-bit PCs
> ii  linux-image-amd64                  3.2+46           amd64  Linux for 64-bit PCs (meta-package)
> un  linux-initramfs-tool               <none>                  (no description available)
> un  linux-kernel-headers               <none>                  (no description available)
> un  linux-kernel-log-daemon            <none>                  (no description available)
> un  linux-latest-modules-3.2.0-4-amd64 <none>                  (no description available)
> ii  linux-libc-dev:amd64               3.2.65-1+deb7u2  amd64  Linux support headers for userspace development
> un  linux-modules-3.2.0-4-amd64        <none>                  (no description available)
> un  linux32                            <none>                  (no description available)
>
>
>



-- 
Regards
Ashijit

