CentOS Update for iwl1000-firmware CESA-2018:0094

tux · May 2, 2019, 9:23am

Hi,
the test above has an bug,
it will report an newer package as an older one.
CentOS Update for iwl1000-firmware CESA-2018:0094 centos7 OID: 1.3.6.1.4.1.25623.1.0.882829

Vulnerable package: iwl5000-firmware
Installed version: iwl5000-firmware-8.83.5.1_1-69.el7
Fixed version: iwl5000-firmware-8.83.5.1_1-58.el7_4
Using openvas scanner 6.0.0

Tino · May 2, 2019, 9:31am

Thanks for reporting a bug.
Which iwl5000-firmware version do you actually have? And did you use an authenticated scan?

tux · May 2, 2019, 9:44am

As you can see, I have package version iwl5000-firmware-8.83.5.1_1-69.el7 installed,
I have logged in the system an verified the rpm package version.
Package version 69.el7 is newer than 58.el7_4.

Tino · May 3, 2019, 9:29am

Oh dear, I have overlooked this myself as well.

The issue has been given to out developers, I will get back to you as son as it’s solved.

mps_surcouf · June 14, 2019, 2:33pm

I have also have this false positive with the same versions on Centos 7.

mps_surcouf · July 1, 2019, 8:12am

@Tino Any news? Still getting this on my scans. TIA

Tino · July 2, 2019, 1:32pm

We’re still working on solving the enumeration parsing issue and have, in a first step, lowered the QoD. I’ll suggest applying an over ride to this result for now, and will report back if the issue is fixed.

mps_surcouf · July 23, 2019, 11:32am

I believe this is fixed as of 2nd July update. Thanks for that

Mike