Hello, The OpenVAS developers have just released two important security releases for the Open Vulnerability Assessment System release series 6 and 7 (OpenVAS-6 and OpenVAS-7).
The releases are: - OpenVAS Manager 4.0.6 - OpenVAS Manager 5.0.7 We highly recommend to update your OpenVAS installation to the versions listed above immediately. It has been identified that OpenVAS Manager is vulnerable to sql injections due to a improper handling of the timezone parameter in modify_schedule OMP command. It has been identified that this vulnerability may allow read-access via sql for authorized user account which have permission to modify schedule objects. For details and current information on this vulnerability please refer to the following page on the OpenVAS website: http://www.openvas.org/OVSA20141128.html The source tarballs for the releases are available for download from the OpenVAS website at: https://wald.intevation.org/frs/?group_id=29 This page contains signatures and checksums for the source tarballs as well. You can find links to the latest source tarballs for all currently maintained releases here: http://openvas.org/install-source.html Binary packages for major GNU/Linux distributions by third parties are expected to follow soon. Regards, Michael Wiegand -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
pgp9wCgv1hGsS.pgp
Description: PGP signature
_______________________________________________ Openvas-announce mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-announce
