Hello, The OpenVAS developers are happy to announce the release of openvas-plugins 1.0.6. This is a maintenance release of the openvas-plugins module for the Open Vulnerability Assessment System (OpenVAS).
It fixes various issues discovered after the release of openvas-plugins 1.0.5 and adds a large number of new Network Vulnerability Tests (NVTs), now in total over 10,000. Many NVTs are being reactivated by adding mandatory dependencies - these dependencies were missing because they were subject of proprietary licensing and this were not inherited from Nessus. If you are using openvas-plugins 1.0.2 or earlier we strongly recommend that you upgrade to openvas-plugins 1.0.6. Openvas-plugins 1.0.2 and earlier contains a bug which results in plugins having incorrect ownership information after synchronization with openvas-nvt-sync. Depending on your configuration, this may result in plugins being writable by a normally unprivileged user. This issue is currently rendered ineffective by a workaround of the OpenVAS Feed Server, but this workaround may be removed in the near future. Openvas-plugins 1.0.3 or later is unaffected by this issue. We recommend that you run the openvas-nvt-sync script at least once after you have finished installing openvas-plugins 1.0.6 to make sure you are using the most up-to-date plugin collection. Please note that you will have to restart running OpenVAS server instances to make the new plugins visible to clients. Effects when installing this version: * A number of NVTs have been adjusted to provide inform if they were unable to complete their checks instead of failing silently. This may lead to larger reports depending on your individual configuration. * The synchronization script (openvas-nvt-sync) no longer preserves timestamps when synchronizing. This may cause the synchronization to take slightly longer depending on your installation. * Several so-called "C-Plugins" (suffix .nes) have been replaced by NASL equivalents. If you want to remove these deprecated NVTs, you should eliminate any *.nes file from your plugins directory before installing the new openvas-plugins 1.0.6. * If you are applying openvas-nvt-sync to be in sync with the OpenVAS NVT Feed, then you already have most of the changes and updates in your plugin directory. However, you should take care of removing the superfluous "C-Plugins" (see above). Main changes since 1.0.5: * More than 4,000 new NVTs have been added. * A large number of existing NVTs have been updated and improved. * The build environment has been updated. * The plugin_feed_info.inc file has been removed from the openvas-plugins module since it has been returned to its real purpose and is provided by security feed providers now. * A generator for Local Security Checks has been added. This tools was used to create NASL-scripts for OpenSUSE, Ubuntu, RedHat, Fedora and Mandriva back to January 1st, 2007. * Support for the improved SSH credential management available in openvas-server 2.0.1 and later has been added. * openvas-plugins can now be configured and installed without the --enable-install configuration option. * An install-minimal target has been added to the build target. This target will install openvas-plugins without any *.nasl and *.inc files which is useful for testing purposes or when synchronization with a security feed will occur anyway after installation. * Obsolete inline signatures have been removed from files which still contained them. * A number of obsolete NASL_LEVEL checks have been removed. * The following NVTs written in C have been replaced with NASL scripts: - ftp_write_dirs (by ftp_writeable_directories.nasl) - linux_tftp (by tftpd_detect.nasl and tftpd_dir_trav.nasl) - smad (by remote-smtp-smad.nasl) - nmap_wrapper (by nmap.nasl) - objectserver (by remote-sgi-objectserver.nasl) Many thanks to everyone who has contributed to this release: Chandrashekhar B, Tim Brown, Christian Eric Edjenguele, Vlatko Kosturjak, Michael Meyer, Thomas Reinke, Chandan S, Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. Regards, Michael Wiegand -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
pgp4cCFGaWPXE.pgp
Description: PGP signature
_______________________________________________ Openvas-announce mailing list Openvas-announce@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-announce
