notus-scanner

False positives (negatives?) received on NVTs due to Ubuntu FIPS packages not being understood by Notus

Open mguzsklk opened this issue 2 years ago • 1 comments

Hi,

I'm using the latest community edition of Greenbone and have discovered that my FIPS-compliant hosts are being reported as having vulnerabilities due to the scanner not interpreting the fips in the package names. For example:

Detection Result
Vulnerable package:   openssl
Installed version:    openssl-1.1.1f-1ubuntu2.fips.18
Fixed version:      >=openssl-1.1.1f-1ubuntu2.15

I posted a question on the community board about this and they asked me to open an issue with you.

Let me know if you need more information.

Cheers

Mark Guz

mguzsklk, Oct 31 '23 14:10

Related to: #313 (Something similar solved for RPM based package checks)

cfi-gb, Oct 31 '23 14:10
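An added example, not Notus code and not part of the original issue: Debian-policy version ordering applied to the two version strings from the report above, with the `openssl-` name prefix stripped. The `verdict` helper and its "undetermined" outcome for a FIPS build compared against a non-FIPS fix are assumptions for illustration, not a description of how Notus behaves.

```python
import re

def _order(c):
    """Weight of one character in a non-digit run (Debian policy ordering)."""
    if c == "~":
        return -1                      # tilde sorts before everything, even end
    if c == "" or c in "0123456789":
        return 0                       # end of string or start of a digit run
    return ord(c) if c.isalpha() else ord(c) + 256   # letters before punctuation

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and a[i] not in "0123456789") or \
              (j < len(b) and b[j] not in "0123456789"):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        m, n = re.match(r"[0-9]*", a[i:]), re.match(r"[0-9]*", b[j:])
        x, y = int(m.group() or 0), int(n.group() or 0)
        if x != y:
            return -1 if x < y else 1
        i, j = i + m.end(), j + n.end()
    return 0

def _split(v):
    """Split [epoch:]upstream[-revision] into (epoch, upstream, revision)."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    return (int(epoch), rest, "") if not sep else (int(epoch), upstream, rev)

def deb_compare(v1, v2):
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def verdict(installed, fixed):
    """Hypothetical policy: never rank a FIPS build against a non-FIPS fix."""
    if (".fips." in installed) != (".fips." in fixed):
        return "undetermined"          # needs advisory data for that stream
    return "vulnerable" if deb_compare(installed, fixed) < 0 else "not vulnerable"

INSTALLED, FIXED = "1.1.1f-1ubuntu2.fips.18", "1.1.1f-1ubuntu2.15"  # from the report
```

With the report's strings, `deb_compare` returns 1 because the letters in `.fips.` outrank the digit that follows the `.` in the fixed version, which says nothing about whether the FIPS build carries the fix. `verdict` therefore returns "undetermined" for that pair.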