Bug 1304511
Summary: | oscap oval eval --results produces CVE results for incorrect kernel | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Bryan Totty <btotty> |
Component: | openscap | Assignee: | Šimon Lukašík <slukasik> |
Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | 6.7 | CC: | mpreisle, openscap-maint |
Target Milestone: | rc | | |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2016-02-04 12:27:53 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
Bryan Totty
2016-02-03 21:14:24 UTC
Is kernel-2.6.32-358.69.1.el6.x86_64 installed on the machine? The CVE scan will report vulnerabilities for all installed packages, not just the ones that are running or in use.

Hello Bryan,

Thanks for the time you spent filing this bug. Please communicate the following to the customer.

Based on the sos report, on the system there are three kernel packages installed:

kernel-2.6.32-358.el6.x86_64
kernel-2.6.32-504.23.4.el6.x86_64
kernel-2.6.32-573.12.1.el6.x86_64

The vulnerability scan looks for any package that is vulnerable and is installed on the system. Hence you have got reports for kernel-2.6.32-358.el6.x86_64. The rationale is that there is a risk that someone would boot to this kernel package.
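An added example, not part of the original bug report or of OpenSCAP: a small shell check that lists installed kernel packages other than the running one, which are the packages a scan of all installed packages will still evaluate. The function names and the sample data are constructed here, and the running kernel in the sample is an assumption because the report does not state it.

```shell
#!/bin/sh
# An OVAL CVE scan evaluates every installed package, so an old kernel
# that is installed but not booted can still produce findings.

# stale_kernels RUNNING_RELEASE
#   stdin : one package per line, as printed by `rpm -q kernel`
#   stdout: installed kernel packages that are not the running kernel
stale_kernels() {
    running=$1                       # same format as `uname -r`
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        rel=${pkg#kernel-}           # strip the package name prefix
        [ "$rel" = "$running" ] || printf '%s\n' "$pkg"
    done
}

# running_is_installed RUNNING_RELEASE
#   stdin : same list; returns 0 only if the running kernel's package is
#   present (it can be missing if it was removed without a reboot).
running_is_installed() {
    grep -Fqx "kernel-$1"
}

# Constructed sample: the three packages named in the comment above.
SAMPLE_INSTALLED='kernel-2.6.32-358.el6.x86_64
kernel-2.6.32-504.23.4.el6.x86_64
kernel-2.6.32-573.12.1.el6.x86_64'
# Assumption: the report does not say which kernel was booted.
SAMPLE_RUNNING='2.6.32-573.12.1.el6.x86_64'

demo() {
    printf '%s\n' "$SAMPLE_INSTALLED" | stale_kernels "$SAMPLE_RUNNING"
}

if [ "${1:-}" = "--live" ]; then
    # On a real host, compare the RPM database with the booted kernel.
    rpm -q kernel | stale_kernels "$(uname -r)"
else
    demo
fi
```

Run with `--live` on the scanned host to see which installed kernels the scan will report on besides the booted one.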