mainek00n | I have a question about fixed versions of kernel-related packages in OVAL, such as the linux package. | 00:22 |
---|---|---|
mainek00n | For example, https://ubuntu.com/security/CVE-2022-3635 says that the bionic linux package will be fixed in 4.15.0-197.208. | 00:22 |
mainek00n | But in OVAL (definition id: oval:com.ubuntu.bionic:def:202236350000000), I can only find 0:4.15.0-197 in the criteria section. The description says 4.15.0-197.208, but that was linked to the binary package. | 00:22 |
mainek00n | How should fixed versions of Kernel-related packages, such as linux packages, be handled in OVAL? | 00:22 |
-ubottu:#ubuntu-security- A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3635> | 00:22 |
tomreyn | i suppose the person who is supposedly ( /topic ) on community assignment, is actually on holidays. ;-) | 01:41 |
amurray | mainek00n: ebarretto is the main OVAL expert - am hoping he can help answer the kernel version question | 23:13 |