Notus not properly catching/interpreting the installed versions on Ubuntu 20.04
engren opened this issue · comments
Hans commented
I am using notus-scanner v22.4.1 and noticed that I am getting a lot of false positives after enabling this for my GVM scans. A rock solid example would be libxml2, which popped up on all my nodes that have this installed:
USN-4991-1
Vulnerable package: libxml2
Installed version: libxml2-2.9.14+dfsg-0+ubuntu20.04.1+deb.sury.org+1
Fixed version: libxml2-2.9.10+dfsg-5ubuntu0.20.04.1
Another that popped up in my lists is dpkg:
USN-5446-1
Vulnerable package: dpkg
Installed version: dpkg-dev-1.19.7ubuntu3.2
Fixed version: dpkg-1.19.7ubuntu3.2
Christian Fischer commented
Björn Ricks commented
Fixed with 22.4.2 release.